Re: is_authenticated as property

2016-04-27 Thread Sven R. Kunze
Am Montag, 25. April 2016 10:38:23 UTC+2 schrieb Florian Apolloner: > > Absolutely not, what are you basing your justification on? > The fact that I know real cases where this was a security issue. I'd rather have a backwards incompatibility than a security hole. But that may just be me. One m

Re: Making Django more PaaS-friendly

2016-04-27 Thread Carl Meyer
Hi Marcin, On 04/26/2016 08:12 PM, Marcin Nowak wrote: > But I would like to say my thoughts about "settings" itself. > They were good (simple) before incuding nested dictionaries. > After switching to dicts the settings handling went harder way. I agree that settings grouped into dicts are harde

Re: Decoupling Permission-Check from Calling the View

2016-04-27 Thread alasdair . nicol
On Wednesday, April 27, 2016 at 9:55:57 AM UTC+1, guettli wrote: > > Am Dienstag, 26. April 2016 16:27:32 UTC+2 schrieb Alasdair Nicol: >> >> I haven't needed to explain why permission has been granted, but I have >> had admins asking me why a user is getting permission denied for a >> particular

Re: Decoupling Permission-Check from Calling the View

2016-04-27 Thread James Pic
Hi all, I agree with Thomas here, we shouldn't give any detail to the user blocked because of permission configuration. We should however log that somewhere like django-rules-light for the admin. BTW This proposal looks great, keep up the good work B) James -- You received this message because

Re: Decoupling Permission-Check from Calling the View

2016-04-27 Thread guettli
Am Dienstag, 26. April 2016 16:27:32 UTC+2 schrieb Alasdair Nicol: > > I haven't needed to explain why permission has been granted, but I have > had admins asking me why a user is getting permission denied for a > particular view. To answer that, you would > > 1. Get the url > 2. Resolve that t