[Django] #18352: You can't use AnonymousUser in the database API

Sun, 20 May 2012 00:50:22 -0700 

#18352: You can't use AnonymousUser in the database API
------------------------------+--------------------
     Reporter:  teolicy       |      Owner:  nobody
         Type:  New feature   |     Status:  new
    Component:  contrib.auth  |    Version:  1.4
     Severity:  Normal        |   Keywords:
 Triage Stage:  Unreviewed    |  Has patch:  0
Easy pickings:  0             |      UI/UX:  0
------------------------------+--------------------
 There's an ancient ticket (#3413) with the same title, where the person
 opening the ticket probably failed to realize that you can't use
 AnonymousUser with the ORM and didn't duly check is_authenticated() before
 using request.user (or whatever).

 I do understand the difference between User and AnonymousUser, and
 understand the latter can't be used with the ORM, but I think this is poor
 behaviour which may need correction (though breaking backwards
 compatibility could be a very good reason not to fix this). I think it's
 tedious and error prone to check for is_authenticated() all the time, and
 I had more than one bug where I was bit by request.user not having
 get_full_name() or .pk or plainly not being searchable as
 SomeModel.objects.filter(owner=request.user).exists() or so.

 I think the best solution would be for AnonymousUser to be 100% compatible
 with the ORM, and I think the sanest way to get there would be to make it
 possible to create a User object with reasonable values. Backwards
 compatibility could be achieved with a setting like
 AUTH_NEW_STYLE_ANONYMOUS=True, syncdb() could create the record in the
 database.

 I'd love to hear your comments, I'm thinking about implementing this as a
 (very small) external project if this will be rejected, so in addition to
 knowing whether this is a good idea for django, I'd appreciate your
 thoughts about whether this is a good idea at all.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/18352>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to