but we can do this "little" modification in v1.1 i think this change will allow site administrator to ban users through change is_active flag
Waylan Limberg pisze: > On Mon, Nov 10, 2008 at 2:49 PM, Sebastian Bauer <[EMAIL PROTECTED]> wrote: > >> Hello, i think login_required should check that user is not only >> authenticated, but also if is active. What do you think about this change? >> >> > > I see two problems with this: > > 1. This current behavior is fully documented [1]. In relevant part, > the documentation says: > > >> This doesn't control whether or not the user can log >> in. Nothing in the authentication path checks the >> is_active flag, so if you want to reject a login based >> on is_active being False, it is up to you to check that >> in your own login view. However, permission checking >> using the methods like has_perm() does check this >> flag and will always return False for inactive users. >> > > 2. Many people have expected the current behavior for some time and > such a change would be backward incompatible. > > Although, I do see that the documentation specific to the > login_required view does not specifically mention the behavior. > Perhaps a note there would be beneficial. > > [1]: http://docs.djangoproject.com/en/dev/topics/auth/#api-reference > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---