I think so far we agree that we need to add something for anonymous users, because the added enhancement currently doesn't add enough to integrate row level permissions as they should be. The problems are:
- Anonymous users should check the authentication backend for permissions, so it is possible to implement anonymous user permissions - If the default backend always returns false for anonymous users then pluggable apps have to either expect some row level permission system is installed and used or don't check permissions for things that an anonymous user can access. I think the best solution is to add anonymous user permissions as proposed by me a bit up, but only actually check them if a settings flag is set to True (with a default on False). If it's not set it will simply return False for anonymous users, otherwise it will check the permissions. That way pluggable apps decide for themselves if they want to check permissions for all users and if they do throw an error if the flag is not set. Or if they simply do it the old way by doing a login_required for the views that need logged in users. On Jan 26, 1:12 pm, Jari Pennanen <[email protected]> wrote: > I read from "1.2 beta" thread that this might make it to the 1.2 beta > of Django, any status on that? Is someone trying to commit the patches? -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
