I'm interested in participating in your mentors program in Google
Summer Code.
Clearly looking on the current situation with authentication,
authorisation, customization of users, I could say that there is no
simple solution for achieving all possible modifications of user auth
subsystem. I would like to propose such approach :
contrib.auth.models.user should be a proxy class for real User-model
class that will be defined by developer. By proxing we simplify the
task of importing real-User model, because everywhere we are importing
only contrib.auth.models.User class.
The code for proxying should be looked like :
class AbstractUser(models.Model):
"""
Just django abstract model
"""
def __getattr__(self,name):
_defaults = {
'id':None,
'username':'',
'first_name':'',
'last_name':'',
'email':'',
'password':UNUSABLE_PASSWORD,
'is_staff':False,
'is_active':False,
'is_superuser':False,
'last_login':datetime.datetime.now(),
'date_joined':datetime.datetime.now(),
'groups':EmptyManager(),
'user_permissions':EmptyManager(),
}
try :
value = getattr(self,name)
return value
except Exception :
if _defaults.has_key(name) :
return _defaults[name]
return None
def __unicode__(self):
return self.username
def get_absolute_url(self):
return "/users/%s/" % urllib.quote(smart_str(self.username))
def is_anonymous(self):
"""
Always returns False. This is a way of comparing User objects
to
anonymous users.
"""
return False
def is_authenticated(self):
"""
Always return True. This is a way to tell if the user has been
authenticated in templates.
"""
return True
def get_full_name(self):
"Returns the first_name plus the last_name, with a space in
between."
full_name = u'%s %s' % (self.first_name, self.last_name)
return full_name.strip()
def set_password(self, raw_password):
import random
algo = 'sha1'
salt = get_hexdigest(algo, str(random.random()),
str(random.random()))[:5]
hsh = get_hexdigest(algo, salt, raw_password)
self.password = '%s$%s$%s' % (algo, salt, hsh)
def check_password(self, raw_password):
"""
Returns a boolean of whether the raw_password was correct.
Handles
encryption formats behind the scenes.
"""
# Backwards-compatibility check. Older passwords won't include
the
# algorithm or salt.
if '$' not in self.password:
is_correct = (self.password == get_hexdigest('md5', '',
raw_password))
if is_correct:
# Convert the password to the new, more secure format.
self.set_password(raw_password)
self.save()
return is_correct
return check_password(raw_password, self.password)
def set_unusable_password(self):
# Sets a value that will never be a valid hash
self.password = UNUSABLE_PASSWORD
def has_usable_password(self):
return self.password != UNUSABLE_PASSWORD
def get_group_permissions(self, obj=None):
"""
Returns a list of permission strings that this user has
through
his/her groups. This method queries all available auth
backends.
If an object is passed in, only permissions matching this
object
are returned.
"""
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_group_permissions"):
if obj is not None:
if backend.supports_object_permissions:
permissions.update(
backend.get_group_permissions(self, obj)
)
else:
permissions.update(backend.get_group_permissions(self))
return permissions
def get_all_permissions(self, obj=None):
return _user_get_all_permissions(self, obj)
def has_perm(self, perm, obj=None):
"""
Returns True if the user has the specified permission. This
method
queries all available auth backends, but returns immediately
if any
backend returns True. Thus, a user who has permission from a
single
auth backend is assumed to have permission in general. If an
object
is provided, permissions for this specific object are checked.
"""
# Inactive users have no permissions.
if not self.is_active:
return False
# Superusers have all permissions.
if self.is_superuser:
return True
# Otherwise we need to check the backends.
return _user_has_perm(self, perm, obj)
def has_perms(self, perm_list, obj=None):
"""
Returns True if the user has each of the specified
permissions.
If object is passed, it checks if the user has all required
perms
for this object.
"""
for perm in perm_list:
if not self.has_perm(perm, obj):
return False
return True
def has_module_perms(self, app_label):
"""
Returns True if the user has any permissions in the given app
label. Uses pretty much the same logic as has_perm, above.
"""
if not self.is_active:
return False
if self.is_superuser:
return True
return _user_has_module_perms(self, app_label)
def get_and_delete_messages(self):
messages = []
for m in self.message_set.all():
messages.append(m.message)
m.delete()
return messages
def email_user(self, subject, message, from_email=None):
"Sends an e-mail to this User."
from django.core.mail import send_mail
send_mail(subject, message, from_email, [self.email])
def get_profile(self):
"""
Returns site-specific profile for this user. Raises
SiteProfileNotAvailable if this site does not allow profiles.
"""
if not hasattr(self, '_profile_cache'):
from django.conf import settings
if not getattr(settings, 'AUTH_PROFILE_MODULE', False):
raise SiteProfileNotAvailable('You need to set
AUTH_PROFILE_MO'
'DULE in your project
settings')
try:
app_label, model_name =
settings.AUTH_PROFILE_MODULE.split('.')
except ValueError:
raise SiteProfileNotAvailable('app_label and
model_name should'
' be separated by a dot in the
AUTH_PROFILE_MODULE set'
'ting')
try:
model = models.get_model(app_label, model_name)
if model is None:
raise SiteProfileNotAvailable('Unable to load the
profile '
'model, check AUTH_PROFILE_MODULE in your
project sett'
'ings')
self._profile_cache =
model._default_manager.using(self._state.db).get(user__id__exact=self.id)
self._profile_cache.user = self
except (ImportError, ImproperlyConfigured):
raise SiteProfileNotAvailable
return self._profile_cache
def _get_message_set(self):
import warnings
warnings.warn('The user messaging API is deprecated. Please
update'
' your code to use the new messages framework.',
category=PendingDeprecationWarning)
return self._message_set
message_set = property(_get_message_set)
class Meta :
abstract = True
from django.conf import settings
from django.utils.importlib import import_module
def find_module_class(class_name):
if isinstance(class_name, basestring):
module, attr = class_name.rsplit('.', 1)
try:
mod = import_module(module)
except ImportError, e:
raise ImproperlyConfigured('Error importing model class
%s: "%s"' % (class_name, e))
try:
ClassRef = getattr(mod, attr)
except AttributeError, e:
raise ImproperlyConfigured('Error importing model class
%s: "%s"' % (class_name, e))
return ClassRef
raise ImproperlyConfigured('Error importing model class %s: "%s"'
% (class_name, e))
if hasattr(settings,'USER_AUTH_MODEL') and settings.USER_AUTH_MODEL :
settings.USER_AUTH_MODEL_CLASS =
find_module_class(settings.USER_AUTH_MODEL)
else :
settings.USER_AUTH_MODEL_CLASS = SimpleUserModel
class User(settings.USER_AUTH_MODEL_CLASS,AbstractUser):
"""
Just proxy class
"""
class Meta :
proxy = True
Current User-model will look like :
django.contrib.auth.user_model.py :
import datetime
from django.db import models
from django.contrib.auth.models import UserManager, Group, Permission
from django.utils.translation import ugettext_lazy as _
class User(models.Model):
username = models.CharField(_('username'), max_length=30,
unique=True, help_text=_("Required. 30 characters or fewer. Letters,
numbers and @/./+/-/_ characters"))
first_name = models.CharField(_('first name'), max_length=30,
blank=True)
last_name = models.CharField(_('last name'), max_length=30,
blank=True)
email = models.EmailField(_('e-mail address'), blank=True)
password = models.CharField(_('password'), max_length=128,
help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=
\"password/\">change password form</a>."))
is_staff = models.BooleanField(_('staff status'), default=False,
help_text=_("Designates whether the user can log into this admin
site."))
is_active = models.BooleanField(_('active'), default=True,
help_text=_("Designates whether this user should be treated as active.
Unselect this instead of deleting accounts."))
is_superuser = models.BooleanField(_('superuser status'),
default=False, help_text=_("Designates that this user has all
permissions without explicitly assigning them."))
last_login = models.DateTimeField(_('last login'),
default=datetime.datetime.now)
date_joined = models.DateTimeField(_('date joined'),
default=datetime.datetime.now)
groups = models.ManyToManyField(Group, verbose_name=_('groups'),
blank=True, db_column='user', db_table=u'auth_user_groups',
help_text=_("In addition to the permissions manually assigned,
this user will also get all permissions granted to each group he/she
is in."))
user_permissions = models.ManyToManyField(Permission,
verbose_name=_('user permissions'), blank=True)
objects = UserManager()
class Meta :
db_table = u'auth_user'
verbose_name = _('user')
verbose_name_plural = _('users')
Custom User-model class, that will authenticate users using email and
password (little example) :
import datetime
from django.db import models
from django.contrib.auth.models import UserManager, Group, Permission
from django.utils.translation import ugettext_lazy as _
class User(models.Model):
email = models.EmailField(_('e-mail address'), blank=True)
password = models.CharField(_('password'), max_length=128,
help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=
\"password/\">change password form</a>."))
groups = models.ManyToManyField(Group, verbose_name=_('groups'),
blank=True, db_column='user', db_table=u'auth_user_groups',
help_text=_("In addition to the permissions manually assigned,
this user will also get all permissions granted to each group he/she
is in."))
user_permissions = models.ManyToManyField(Permission,
verbose_name=_('user permissions'), blank=True)
objects = UserManager()
@property
def username(self):
return self.email
@property
def first_name(self):
"Returns the first_name plus the last_name, with a space in
between."
return self.email
def get_full_name(self):
"Returns the first_name plus the last_name, with a space in
between."
return self.email
def set_password(self, raw_password):
self.password = raw_password
def check_password(self, raw_password):
return self.password == raw_password
class Meta :
db_table = u'auth_user'
verbose_name = _('user')
verbose_name_plural = _('users')
By using properties in this example we are able to emulate classic
User-model.
Developer should be able to specify alternative User model class by
specifying it in settings.py.
For emulating first_name and other fields of User custom model
developer should use property() for hiding.
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
