I think the `supports_anonymous_users` thing is the best and most simple solution.
The anonymous user should then only call has_perm/has_module_perms on backends that have that set. I would then write a simple decorator which checks the backends for that flag to determine if we should do a login_required or has_perm check. Because a real pluggable app would want to support both :) On Jan 26, 4:01 pm, Florian Apolloner <f.apollo...@gmail.com> wrote: > On Jan 26, 3:19 pm, Harro <hvdkl...@gmail.com> wrote:> - If the default > backend always returns false for anonymous users then > > pluggable apps have to either expect some row level permission system > > is installed and used or don't check permissions for things that an > > anonymous user can access. > > Why do they have to expect a row level permission system to be > installed? The ModelBackend would always return False for anonymous, > so everything would stay as it is… > > > I think the best solution is to add anonymous user permissions as > > proposed by me a bit up, but only actually check them if a settings > > flag is set to True (with a default on False). If it's not set it will > > simply return False for anonymous users, otherwise it will check the > > permissions. > > I am -1 on that, using `supports_anonymous_users` is way better and > allows a cleaner upgrade path (as every backend will have to support > anonymous users sooner or later) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
