#30040: Use a default permission name in docs examples to avoid confusion
-------------------------------------+-------------------------------------
     Reporter:  Adrian Samatan       |                    Owner:  2w3
         Type:                       |                   Status:  assigned
  Cleanup/optimization               |
    Component:  Documentation        |                  Version:  2.1
     Severity:  Normal               |               Resolution:
     Keywords:  template             |             Triage Stage:  Accepted
  permissions documentation          |
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  1
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by James Pic):

 I kind of agree with everybody here. But from a higher perspective, it
 seems to me that the stake is rather to teach the user how to add a
 backend that supports can vote, ie.:

 "Now, create a polls/backend.py file with the following:

 {{{
 class AuthenticationBackend:
     def authenticate(self, *args):
         """
         Always return ``None`` to prevent authentication within this
 backend.
         """
         return None

     def has_perm(self, user_obj, perm, obj=None):
         if not perm.startswith('polls.'):
             return False

         # only allow authenticated users to vote for example
         if not user_obj.is_authenticated:
             return False

         if 'voters' in user_obj.groups.values_list('name', flat=True)
             return True
 )
 }}}

 Then add it to settings:


 {{{
 AUTHENTICATION_BACKENDS = [
     'django.contrib.auth.backends.ModelBackend',
     'polls.backends.AuthenticationBackend',
 ]
 }}}

 IMHO, teaching how to hack the permission system to their liking is what's
 a stake here, rather than the name of the permission. Otherwise, users
 might do manual permission checking in the template, instead of going
 through the permission abstraction layer, and their permission refactoring
 will be a lot harder - only tests can save them.

 Sorry my text isn't good/worked out so that you can just reuse it, but I
 hope that should give you some ideas.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30040#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/066.cfeedeb3febb7c05da90af14237afdce%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to