subject:"\[Django\] #28302\: Separate authorisation from authentication"

Re: [Django] #28302: Separate authorisation from authentication

2017-06-13 Thread Django

#28302: Separate authorisation from authentication
-+-
 Reporter:  Luc Saffre   |Owner:  nobody
 Type:   |   Status:  closed
  Cleanup/optimization   |
Component:  contrib.auth |  Version:  1.11
 Severity:  Normal   |   Resolution:  duplicate
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Tim Graham):

 * status:  new => closed
 * resolution:   => duplicate
 * component:  Uncategorized => contrib.auth
 * type:  Uncategorized => Cleanup/optimization


Comment:

 I'd consider this a duplicate of #20313. I closed the PR to stable/1.11.x
 as this type of change doesn't qualify for a backport per our
 [https://docs.djangoproject.com/en/dev/internals/release-process
 /#supported-versions supported versions policy]. Feel free to send a pull
 request to master -- tests and documentation also required.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.13f512825af405df29a27cb00f8a4284%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #28302: Separate authorisation from authentication

2017-06-13 Thread Django

#28302: Separate authorisation from authentication
-+
   Reporter:  Luc Saffre |  Owner:  nobody
   Type:  Uncategorized  | Status:  new
  Component:  Uncategorized  |Version:  1.11
   Severity:  Normal |   Keywords:
   Triage Stage:  Unreviewed |  Has patch:  0
Needs documentation:  0  |Needs tests:  0
Patch needs improvement:  0  |  Easy pickings:  0
  UI/UX:  0  |
-+
 With the AUTH_USER_MODEL setting, Django has opened the door for
 specifying a custom User model. Now it is only a little step to make it
 possible to use Django's authentication system without also using the
 authorization and permissions system. We just need to make sure that the
 functions defined in the auth.__init__.py file don't import the
 auth.models.py file. This is necessary because Django does not allow
 importing a models module of an app which is not installed.

 This is what [https://github.com/django/django/pull/8635 pull request
 8635] does. The changes in this PR are rather minimal and don't affect
 Django itself. We ran the Django test suite as described in
 [https://docs.djangoproject.com/en/dev/intro/contributing/ Writing your
 first patch for Django] in order to verify this. Summary of our changes:

 1) in file `django/contrib/auth/base_user.py` we define a class method on
 the AbstractUser model:


 {{{
 @classmethod
 def get_anonymous_user(cls):
 """Return an instance of AnonymousUser. Alternative
 implementations
 for AUTH_USER_MODEL may override this to use an alternative
 AnonymousUser class or add custom initialization.

 """
 return AnonymousUser()

 }}}

 2) In three places we changed Django to call this class method instead of
 instantiating AnonymousUser itself.

 BEFORE:

 {{{
 from django.contrib.auth.models import AnonymousUser
 request.user = AnonymousUser()
 }}}

 AFTER:

 {{{
 from django.contrib.auth import get_user_model
 request.user = get_user_model().get_anonymous_user()

 }}}

 As a side effect this PR also provides a fix for #20313. Instead of
 introducing a new setting ANONYMOUS_USER_MODEL, we prefer to define a
 class method on the AbstractUser model.

 This PR might also be an answer to #26401 (Allow auth machinery to be used
 without installing auth app)

 Some of our applications application cannot yet migrate to Python 3 due to
 third-party dependencies. So for us it would be important that these
 changes could be visible to the latest 1.x branch as well.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/050.79929c56aef6e1081dd350d016645d3f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #28302: Separate authorisation from authentication

[Django] #28302: Separate authorisation from authentication

2 matches

Site Navigation

Mail list logo

Footer information