On Thu, Jul 18, 2013 at 1:36 AM, Tom Evans <[email protected]> wrote:
> On Thu, Jul 18, 2013 at 1:11 AM, Jon Dufresne <[email protected]> wrote:
> > Oh, I see what you're saying. The login_required does not need to be added
> > explicitly, because it is added implicitly by the authorization check. Yeah
> > that makes sense. As every page will require some different authorization
> > anyway, there is no need for extra middleware. Is that right?
>
> No, that's not what he's saying.
>
> "authentication" -> "who am I?"
> "authorization" -> "am I allowed to do this?"
>
> His point was, even though every view requires authentication, it will
> also require authorization - checking that the user has permission to
> access that specific page. Presumably each page will have its own,
> different permissions check - it's not something you can add with a
> single piece of middleware - and the way that one adds permission
> checks in Django is an extension of the login_required decorator.
>
> I.e., since you will need to add authorization checks to each view, this
> will implicitly have the same effect as adding login_required to each
> view.

Yeah. That is what I said. Authorization check implies an authentication check.

