Someone created a ticket to raise this issue again. I found several 
improper usages with GitHub code search. Is there any support for the idea 
or would it be too much magic? My own opinion is that if you don't have 
tests to catch the mistake in the first place, you're doing it wrong.

https://code.djangoproject.com/ticket/25847

On Thursday, April 10, 2008 at 1:06:37 PM UTC-4, David Cramer wrote:
>
> I wouldn't say insecure, but it's a big gotcha. I've done it quite a 
> few times where I forgot the () :) 
>
> On Apr 10, 5:53 am, Thomas Guettler <h...@tbz-pariv.de> wrote: 
> > Hi, 
> > 
> > is_staff, is_active, is_superuser are attributes. 
> > 
> > is_anonymous, is_authenticated are methods. 
> > 
> > This is insecure if you are not careful while programming: 
> > 
> > if user.is_authenticated: 
> >     ....# Always true, since it is a method! 
> > 
> > It would be nice to find a solution. Here is what I thought: 
> > 
> > Make is_authenticated a property which returns an object 
> > which evaluates to the proper boolean value. This object 
> > has a method __call__ which returns the same value. 
> > 
> > This is backwards compatible. 
> > 
> >  Thomas 
> > 
> > -- 
> > Thomas Guettler,http://www.thomas-guettler.de/ 
> > E-Mail: guettli (*) thomas-guettler + de
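The proposal quoted above, sketched as an added example (not part of the original thread and not Django's own code). All class and function names are hypothetical; it shows the always-true check on the method-style API next to a property that returns a callable, boolean-like object.

```python
# Added illustration: hypothetical names, not Django's implementation.

class CallableBool:
    """Boolean-like value that also works when called like the old method."""

    def __init__(self, value):
        self._value = bool(value)

    def __bool__(self):       # used by `if user.is_authenticated:`
        return self._value

    def __call__(self):       # keeps `user.is_authenticated()` working
        return self._value

    def __eq__(self, other):  # so `== True` / `== False` still behave
        if isinstance(other, CallableBool):
            other = other._value
        return self._value == other

    def __hash__(self):
        return hash(self._value)


class LegacyUser:
    """Method-style API: the bare attribute is a bound method, always truthy."""

    def __init__(self, logged_in):
        self._logged_in = logged_in

    def is_authenticated(self):
        return self._logged_in


class PatchedUser(LegacyUser):
    """Property-style API as proposed in the thread."""

    @property
    def is_authenticated(self):
        return CallableBool(self._logged_in)


def check_without_call(user):
    """The mistake from the thread: parentheses forgotten."""
    return bool(user.is_authenticated)


def check_with_call(user):
    return bool(user.is_authenticated())
```

Identity checks such as `user.is_authenticated is True` still fail with this wrapper, because the property returns an object rather than the `True` singleton.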
