> > On the other hand, maybe it's a good idea to report a warning in the > __bool__ method? In most cases, bool(AnonymousUser) is a programming error, > and not a valid code, so this might be helpful. >
bool(AnonymousUser) is very pythonic, not a "programming error". The rules for python's truthy/falsey are mostly "empty string, 0 (int/float/fraction...), False and None are falsey, the rest are truthy". Making AnonymousUser anything other than truthy just seems wrong to me. On 1 June 2017 at 10:22, Linus Lewandowski <li...@lew21.net> wrote: > In my mental model, the request either was sent by a user (that has a User > object) or not (and in this case it should be None, or at least something > that works like None). However, looks like the majority of you have a > different model, so I'm not going to press for that. > > On the other hand, maybe it's a good idea to report a warning in the > __bool__ method? In most cases, bool(AnonymousUser) is a programming error, > and not a valid code, so this might be helpful. > > We could make it a warning forever, or use RemovedInDjango30Warning, and > then switch to return False OR an exception in 3.0. > > Linus > > > On Thu, Jun 1, 2017 at 9:34 AM Brice PARENT <cont...@brice.xyz> wrote: > >> Wouldn't that be better placed in a linter library (such as *django_linter >> <https://github.com/geerk/django_linter>*)? The syntax is right, it >> really does what it describes, but it may be wrongly understood, so the >> syntax could be pointed out as possible cause of bug, but the behaviour we >> have now seems totally logic and the change would probably have side >> effects on many projects. >> >> I'm not using specific linters other than the one included in PyCharm, >> but it would probably be a good idea, when you write "if request.user:" to >> have it propose to rewrite it as "if request.user.is_authenticated:" if >> it's what we meant. >> >> -- Brice >> >> Le 31/05/17 à 18:44, li...@lew21.net a écrit : >> >> I suggest adding __bool__() method returning False to the AnonymousUser >> class. >> >> This way it'll be possible to check if the user is authenticated by >> simply writing "if request.user:" >> >> It's a frequent source of bugs (at least for me, but probably I'm not >> alone) that right now this code returns True for anonymous users. If >> unnoticed, such bugs can also lead to security issues. >> >> Related ticket: https://code.djangoproject.com/ticket/28259 >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-developers+unsubscr...@googlegroups.com. >> >> >> To post to this group, send email to django-developers@googlegroups.com. >> Visit this group at https://groups.google.com/group/django-developers. >> To view this discussion on the web visit https://groups.google.com/d/ >> msgid/django-developers/065eb9a5-d935-466d-a301- >> d7de87e6fbb0%40googlegroups.com >> <https://groups.google.com/d/msgid/django-developers/065eb9a5-d935-466d-a301-d7de87e6fbb0%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Django developers (Contributions to Django itself)" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/ >> topic/django-developers/rGWdttZO06g/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> django-developers+unsubscr...@googlegroups.com. >> To post to this group, send email to django-developers@googlegroups.com. >> Visit this group at https://groups.google.com/group/django-developers. >> To view this discussion on the web visit https://groups.google.com/d/ >> msgid/django-developers/ba96fd99-43ce-2a0b-b79f-eed955bc7be8%40brice.xyz >> <https://groups.google.com/d/msgid/django-developers/ba96fd99-43ce-2a0b-b79f-eed955bc7be8%40brice.xyz?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/django-developers/CAB96mebXAH5SLN3p2wDCtvQs4POVD > 6Xrh-NHOLVM31Q%3DUvX_NQ%40mail.gmail.com > <https://groups.google.com/d/msgid/django-developers/CAB96mebXAH5SLN3p2wDCtvQs4POVD6Xrh-NHOLVM31Q%3DUvX_NQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Adam -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAMyDDM0uvJCU3Me9KHeCRnUWi25D-cOjdWNcRJGufuzHbPtZmA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
