Am 19.01.2010 um 16:10 schrieb Luke Plant:
> On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote:
>
>>> I think the best argument in favor of it is using permissions
>>> with reusable applications. Say I have a wiki application I
>>> write, I don't know whether anonymous users should be able to
>>> edit pages, I could make it a setting, but that's ugly. Instead
>>> the natural thing to do is ask the auth backend and let the
>>> developer implement it however.
>>
>> So you would implement an authentication backend specifically for
>> your wiki app to be able to check if anonymous users have the
>> permission to edit a page? How is that less ugly than a setting?
>
> In that simple case, a setting might be easier, but it is ugly in the
> sense of poor separation of concerns. And it is much less flexible -
> what if the setting might depend on which page they are editing? Very
> quickly you will end up with the wiki app needing it's own permission
> system. The writer of the wiki app can avoid the whole question by
> always delegating authorisation questions to the standard mechanism.
>
> I understand your concern about the auth backend assuming 'User', not
> 'AnonymousUser', but we have specifically documented AnonymousUser as
> implementing the same interface as User, and I cannot see what harm it
> would cause to allow this.
That's a good point, and I have to admit I begin to realize that the real
culprit for me is not the backend implementation but rather the special status
of the AnonymousUser. We have to jump through quite a few hoops to make that
possible.
Jannis
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
