On May 11, 2017 12:44 PM, "Uzair Tariq" <[email protected]> wrote:
Thanks man! So basically my example and deduction of the sentence was right about the anonymous and inactive authenticated users where i stated that the anonymous may be able to view the public profile but if it's an inactive authenticated user because of some reason he may be directed to some other error page because of is_active() permission check and he wont be able to view even public profile because the whole system will logically be promoting about account activation or any sort of equivalent reason/error. While your assertion is correct, if you do not allow inactive users to authenticate, then part of your work flow for setting them as inactive should include clearing any existing sessions for that user when the flag is flipped. This way, your inactive users should become anonymous users automatically when they next visit your site (you may need other logic for redirects back to the original page, since the browser may still think it is logged in). No need to worry about authorization for inactive authenticated users in that case, since you won't have any. -James -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciXZjE7SALZ-0ewdiTmUEeDzVK7wAUH-dct8OZ%3D%2BnczuvA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
