#17254: ModelBackend should have a get_anonymous_user method
------------------------------------+--------------------------------------
Reporter: riccardodivirgilio | Owner: nobody
Type: Bug | Status: reopened
Component: contrib.auth | Version:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------------+--------------------------------------
Changes (by riccardodivirgilio):
* status: closed => reopened
* resolution: duplicate =>
Comment:
this is what i have done.
maybe you have missed the point. this is not about my application, or the
way i found to hack this lack, you asked me for an example.
the point is that this is not a real backend.
the current django behavior is to permit a developer to create a custom
user class, but the middleware do not pass the same class if the user in
unauthenticated.
according to me, in a running application, it's a mess to have to
different kind of classes, depending if the user is authenticated or not.
i'm not here to ask django to solve my problems, i'm are to solve django
problems, because my application is alive and running, i'm only
contributing for an issue, that (according to me) it's big for deploying a
custom user backend.
in an object-driving application, i don't see why i have to write function
and put a lot of time getattr(user, "foo") or hasattr(user, "foo"),
because it's my app and in my app user has foo attribute, because i have
decided that is required, so in this login even the Unauthenticated user
must have a foo attribute.
django it's a framework, not an application, developers must be able to
decide which field user class must have, and with the current backend
developers cannot do that.
please read the backend.py i have attached, it's better to have an
attribute in the class and call it using something like
"self.user_model.objects.get()" for the same reason inside the ModelAdmin
you call self.model and not directly the model itself.
whit this simple approach a developer can set a custom user class and a
permission backend but it's still able to use all views and urls without
any hack.
please, read the code, they are just a few line of code that can save a
lot of problems.
my question is why do you want to set AnoninmousUser as request.user,
instead of let developers choose to use django class or a custom class?
why?
--
Ticket URL: <https://code.djangoproject.com/ticket/17254#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
