@Jannis: I see your point, in my proposal the default model
authentication backend always returns False for the AnonymousUser.
That would indeed mean guest users have no access at all.
But I guess you could write a wrapper that used a function specified
in the settings (with a default pointing to a function in your app)
that takes some arguments and based on that sees if the user is
anonymous or not and then does or doesn't check the has_perm function.

On Jan 19, 4:34 pm, Jannis Leidel <jan...@leidel.info> wrote:
> On 19.01.2010 at 16:10, Luke Plant wrote:
>
> > On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote:
>
> >>> I think the best argument in favor of it is using permissions
> >>> with reusable applications.  Say I have a wiki application I
> >>> write, I don't know whether anonymous users should be able to
> >>> edit pages, I could make it a setting, but that's ugly.  Instead
> >>> the natural thing to do is ask the auth backend and let the
> >>> developer implement it however.
>
> >> So you would implement an authentication backend specifically for
> >> your wiki app to be able to check if anonymous users have the
> >> permission to edit a page? How is that less ugly than a setting?
>
> > In that simple case, a setting might be easier, but it is ugly in the
> > sense of poor separation of concerns.  And it is much less flexible -
> > what if the setting might depend on which page they are editing?  Very
> > quickly you will end up with the wiki app needing its own permission
> > system.  The writer of the wiki app can avoid the whole question by
> > always delegating authorisation questions to the standard mechanism.
>
> > I understand your concern about the auth backend assuming 'User', not
> > 'AnonymousUser', but we have specifically documented AnonymousUser as
> > implementing the same interface as User, and I cannot see what harm it
> > would cause to allow this.
>
> That's a good point, and I have to admit I begin to realize that the real 
> culprit for me is not the backend implementation but rather the special 
> status of the AnonymousUser. We have to jump through quite a few hoops to 
> make that possible.
>
> Jannis
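
The wrapper proposed at the top of this message, sketched as an added example (not part of the original thread and not Django's own code): anonymous users are routed to a policy function named in the settings, everyone else goes to the backends' `has_perm`. The classes are plain-Python stand-ins, and `ANONYMOUS_PERM_CHECK`, `wiki_guest_policy` and `Page` are hypothetical names.

```python
# Plain-Python stand-ins so the sketch runs without Django installed.
class User:
    def __init__(self, name, perms=()):
        self.name, self.perms = name, frozenset(perms)
    def is_anonymous(self):
        return False

class AnonymousUser:
    perms = frozenset()
    def is_anonymous(self):
        return True

class Page:  # constructed sample object
    def __init__(self, title, locked=False):
        self.title, self.locked = title, locked

class ModelBackend:
    """Stand-in for the default backend in the proposal."""
    def has_perm(self, user, perm, obj=None):
        if user.is_anonymous():
            return False  # default backend never grants anything to guests
        return perm in user.perms

def deny_anonymous(user, perm, obj=None):
    """Default policy: guests have no permissions at all."""
    return False

def wiki_guest_policy(user, perm, obj=None):
    """Hypothetical site policy: guests may edit pages that are not locked."""
    # A missing object counts as locked, so a check without obj is denied.
    return perm == "wiki.change_page" and not getattr(obj, "locked", True)

# Hypothetical setting; the default points at the deny-all function.
SETTINGS = {"ANONYMOUS_PERM_CHECK": deny_anonymous}
BACKENDS = [ModelBackend()]

def has_perm(user, perm, obj=None, settings=SETTINGS):
    """Wrapper: the settings function decides for guests, backends for users."""
    if user.is_anonymous():
        policy = settings.get("ANONYMOUS_PERM_CHECK", deny_anonymous)
        return bool(policy(user, perm, obj))
    return any(b.has_perm(user, perm, obj) for b in BACKENDS)
```

With the default setting a guest is denied everywhere; a site opts in by pointing the setting at its own function, and the per-object argument lets the answer depend on which page is being edited.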