On Wed, Jul 17, 2013 at 1:25 PM, Arnold Krille <[email protected]> wrote:

> On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne
> <[email protected]> wrote:
>
> The standard way depends on your views:
>  - If it's function-based views, use the @login_required decorator.
>  - For class-based views we use the LoginRequiredMixin from
>    django-braces.
>

Thanks.

This is a whitelist approach to the problem. That is, I must specify every
view that requires login. As nearly 99% of my views will require
authentication, I'd prefer to take a blacklist approach. That is, all views
are assumed to require login, unless I annotate the views to not require a
login. This avoids accidentally leaving views publicly accessible when
someone forgets the login_required decorator (or CBV equivalent).

I can achieve this with middleware (and maybe a decorator), but it occurred
to me that others probably already do this as well. I am curious if there
is a canonical approach or implementation that others use for this very
purpose.

Thanks,
Jon
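
One way to build the default-deny approach described in this message, as an added example that is not from the thread or from Django itself: a middleware that requires login for every view unless a decorator has marked it public. The names `login_exempt`, `requires_login` and `LoginRequiredByDefaultMiddleware` are hypothetical, and the code assumes a Django version with new-style `MIDDLEWARE` where `is_authenticated` is a property.

```python
from functools import wraps
from types import SimpleNamespace


def login_exempt(view_func):
    """Mark a view as public (hypothetical name, modelled on csrf_exempt)."""
    @wraps(view_func)
    def wrapper(*args, **kwargs):
        return view_func(*args, **kwargs)
    wrapper.login_exempt = True
    return wrapper


def requires_login(request, view_func):
    """Default deny: only an exempt view or an authenticated user passes."""
    if getattr(view_func, "login_exempt", False):
        return False
    # Fail closed when AuthenticationMiddleware has not set request.user.
    user = getattr(request, "user", None)
    return user is None or not user.is_authenticated


class LoginRequiredByDefaultMiddleware:
    """Hypothetical middleware; list it after AuthenticationMiddleware."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        if not requires_login(request, view_func):
            return None  # let Django call the view
        # Lazy import: django.contrib.auth needs configured settings.
        from django.contrib.auth.views import redirect_to_login
        return redirect_to_login(request.get_full_path())


def demo():
    """Run the policy over constructed requests and views (no Django needed)."""
    anon = SimpleNamespace(user=SimpleNamespace(is_authenticated=False))
    member = SimpleNamespace(user=SimpleNamespace(is_authenticated=True))
    bare = SimpleNamespace()  # request.user was never set
    private = lambda request: "private"  # unmarked view
    public = login_exempt(lambda request: "public")
    mw = LoginRequiredByDefaultMiddleware(lambda request: None)
    return [requires_login(anon, private), requires_login(member, private),
            requires_login(bare, private), requires_login(anon, public),
            mw.process_view(member, private, (), {})]
```

The login view itself has to be marked `login_exempt` (for example by wrapping it in `urls.py`), otherwise anonymous users are redirected in a loop. Django 5.1 and later ship a built-in `LoginRequiredMiddleware` with a `login_not_required` decorator that covers the same need.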
