I'm trying to convert an existing project to have a "guest user" experience that is very much like a logged in user with some minor differences. Does anyone have opinions, or a pointer to some guides about the best practices around this?
We already have foreign keys in a few places that point to settings.AUTH_USER_MODEL, and AnonymousUser doesn't work there. TBH all my Django projects have required a login or a completely different experience for anonymous users, but it seems like there are lots of potential and subtle pitfalls. Some ideas we're considering: * class: make a new user class, GuestUser, based on AbstractBaseUser and some how have each session create a new one of these (then expire these aggressively) * user: have a single global guestuser that's a real user. I imagine we need middleware to make anonymous users become this automatically and without a password. * DB: update models to have a separate foreign key or is_guest_flag to indicate a guest user (or the global guest user) and code around this. * groups: create a batch of users in a special group and "login" anonymous sessions to one of these automatically. Works with the usual permissions nicely. Has the benefit of letting us have a limit on these, but seems like class with a lot of extra work to manage and expire these. Leading questions: * How to keep it simple? * Is there a pre-made solution? * How do we promote guest users to real users? * Which approach breaks the least 3rd party packages? Our current favorite is the class approach. In djangoSHOP they set is_active=False and have clearly thought through this in the context of a shopping site with extremely important guest shopping-carts (link below). Related links: * https://django-shop.readthedocs.io/en/latest/reference/customer-model.html * https://simpleisbetterthancomplex.com/tutorial/2016/07/22/how-to-extend-django-user-model.html * https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html Thanks, /charles -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/bd3d9b4f-e963-49a5-9d03-59388658d295%40googlegroups.com.
