On a somewhat unrelated note, is_authenticated really only makes sense when using request.user.is_authenticated. If you simply query a user from the database, is_authenticated will be True, which doesn't make any sense outside the context of a request. is_anonymous makes sense, is_authenticated doesn't work as well.
On Wed, Dec 2, 2015 at 9:19 AM, Tim Graham <timogra...@gmail.com> wrote: > Someone created a ticket to raise this issue again. I found several > improper usages with GitHub code search. Is there any support for the idea > or would it be too much magic? My own opinion is that if you don't have > tests to catch the mistake in the first place, you're doing it wrong. > > https://code.djangoproject.com/ticket/25847 > > On Thursday, April 10, 2008 at 1:06:37 PM UTC-4, David Cramer wrote: >> >> I wouldn't say insecure, but its a big gotcha. I've done it a quite a >> few times where I forgot the () :) >> >> On Apr 10, 5:53 am, Thomas Guettler <h...@tbz-pariv.de> wrote: >> > Hi, >> > >> > is_staff, is_active, is_superuser are attributes. >> > >> > is_anonymous, is_authenticated are methods. >> > >> > This is insecure if you are not careful while programming: >> > >> > if user.is_authenticated: >> > ....# Always true, since it is a method! >> > >> > It would be nice to find a solution. Here is what I thought: >> > >> > Make is_authenticated a property which returns a object >> > which evaluates to the proper boolean value. This object >> > has a method __call__ which returns the same value. >> > >> > This is backwards compatible. >> > >> > Thomas >> > >> > -- >> > Thomas Guettler,http://www.thomas-guettler.de/ >> > E-Mail: guettli (*) thomas-guettler + de > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at http://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/df236217-bc38-4ceb-8d1e-1da18268c81c%40googlegroups.com > <https://groups.google.com/d/msgid/django-developers/df236217-bc38-4ceb-8d1e-1da18268c81c%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAFO84S7AWu_0a4nPS%3DsZAxwy3MvXXYg%3DqBbwKDHwrhD-rVpWag%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
