> As you say - anonymous users are by definition not *authenticated*, > but that does not be that they are not *authorised*. Permissions is > about authorisation, not authentication, and Harro had some good > examples where you want to control authorisation for non-authenticated > users in a fine-grained way. In fact, most websites assume a certain > level of authorisation for non-authenticated users (ability to browse > certain parts of the site etc.), so this distinction is already real, > not just academic, and the patch would just make it easier to control
Thanks for the explanation, but I still believe that by giving authentication backends more abilities wrt anonymous users you would effectively encourage the bad practice of putting workflow logic (e.g. "Should anonymous users be allowed to use this view?") in a backend that is specifically made for the User model. Jannis
-- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
