On Thu, Jul 18, 2013 at 1:11 AM, Jon Dufresne <[email protected]> wrote: > On Wed, Jul 17, 2013 at 4:24 PM, Arnold Krille <[email protected]> wrote: >> >> Still interesting that you need authentication while not needing any >> authorization... > > > Oh, I see what you're saying. The login_required does not need to be added > explicitly, because it is added implicitly by the authorization check. Yeah > that makes sense. As every page will require some different authorization > anyway, there is no need for extra middleware. Is that right? >
No, that's not what he's saying. "authentication" -> "who am I?" "authorization" -> "am I allowed to do this?" His point was, even though every view requires authentication, it will also require authorization - checking that the user has permission to access that specific page. Presumably each page will have it's own, different permissions check - it's not something you can add with a single piece of middleware - and the way that one adds permission checks in django is an extension of the login_required decorator. IE, since you will need to add authorization checks to each view, this will implicitly have the same effect as adding login_required to each view. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
