Scrub my above message, here is the new revised and working summary for per site login:
1. user_logged_in signal callback that adds request.session[SITE_ID_SESSION_KEY] = request.site_id 2. AuthenticationForm with clean that does authenticate(site_id, username, password) 3. MultiSitedAuthenticationMiddleware that adds request.user which understands the request.session[SITE_ID_SESSION_KEY] and authenticate(site_id, username, password) 4. Auth backend MultiSitedBackend that understands authenticate(site_id, username, password) and UserSite permission check. 5. Create models for per site permissions (UserSite and GroupSite): class UserSite(models.Model): user, site, is_superuser, is_active, permissions This is pretty pluggable, no patches to django (yet) except one considering testing: http://code.djangoproject.com/ticket/15179 On Jan 27, 5:16 pm, Jari Pennanen <[email protected]> wrote: > I think I've found the necessary tools making the Django login to work > per site basis: > > 1. Create own login view that calls the auth backend with > authenticate(site_id, username, password) > > 2. Create own auth backend that takes site_id, username and password > (also checks permissions by site) > > 3. *) Create own auth middleware that creates request.user > (Django's own authentication middleware and backend does has a > shortcoming *) > > 4. Create models for per site permissions (UserSite and GroupSite): > class UserSite(models.Model): user, site, is_superuser, is_active, > permissions > > --------- > > * The shortcoming in Django authentication middleware, it relies on > this function django.contrib.auth.get_user: > def get_user(request): > ... > user = backend.get_user(user_id) or AnonymousUser() > ... > > If this were something like this: > > user = backend.get_user(user_id, request=request) or AnonymousUser() > > The backend could verify that the user_id is authenticated with this > site's request. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
