I think it has been done on purpose, and should not be changed. Because different authentication backends may choose to support inactive users or not. And the default (ModelBackend) supports inactive users which is expressed in ModelBackend.supports_inactive_user = True. So I would suggest you write a custom decorator.
On Fri, Sep 2, 2011 at 6:49 AM, Wim Feijen <wimfei...@gmail.com> wrote: > I'd like to draw attention to an open ticket which needs a design > decision. > > Description: > "The login_required decorator is not checking User.is_active, as > staff_member_required does. If an authenticated user is deactivated > (via setting is_active to False), the user is still able to browse > login_required-protected views." > > For probably most people, the expected and (most likely) wanted > behavior would be not to let inactive users have access to > login_required files. > > Wim > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to django-developers@googlegroups.com. > To unsubscribe from this group, send email to > django-developers+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
