Re: AnonymousUser has_perm/has_module_perms function check authentication backends

> I would then write a simple decorator which checks the backends for > that flag to determine if we should do a login_required or has_perm > check. > Because a real pluggable app would want to support both :) No it wouldn't. It would either use the permission system or the decorator for

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

> some documentation should also be added. + Tests The question is, whether we want `supports_anonymous_users` to go away at some point or stay forever (I would prefer if it went away and every backend had to support anonymous users; then the patch would need the usual deprecation warnings…).

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Added a patch to the ticket. some documentation should also be added. [1] http://code.djangoproject.com/attachment/ticket/12557/supports_anonymous_users.diff [2] http://code.djangoproject.com/attachment/ticket/12557 -- You received this message because you are subscribed to the Google Groups

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

I think the `supports_anonymous_users` thing is the best and most simple solution. The anonymous user should then only call has_perm/has_module_perms on backends that have that set. I would then write a simple decorator which checks the backends for that flag to determine if we should do a

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Jan 26, 3:19 pm, Harro wrote: > - If the default backend always returns false for anonymous users then > pluggable apps have to either expect some row level permission system > is installed and used or don't check permissions for things that an > anonymous user can access.

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Tuesday 26 January 2010 12:12:23 Jari Pennanen wrote: > I read from "1.2 beta" thread that this might make it to the 1.2 > beta of Django, any status on that? Is someone trying to commit > the patches? Florian Apolloner pointed out that it had backwards incompatibility issues. I'm hoping

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

I think so far we agree that we need to add something for anonymous users, because the added enhancement currently doesn't add enough to integrate row level permissions as they should be. The problems are: - Anonymous users should check the authentication backend for permissions, so it is

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

I read from "1.2 beta" thread that this might make it to the 1.2 beta of Django, any status on that? Is someone trying to commit the patches? -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

I just thought of another way this might be possible: signals. Just add them to the anonymous user functions. The signal would get passed a variable holding the currently returned result, and then returns it. That way you can hook into it and modify the result without breaking the current

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Tuesday 19 January 2010 16:23:32 Harro wrote: > And I guess making it truely awesome would require permissions for > anonymoususers in the default backend too. :( > > If I have timeI'll see what I can come up with. Ticket #9444 [1] is about that, and it had a lot of opposition. It is hard

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

oh also: It's kinda like the messages framework rewrite now supporting messages for anonymous users. And I guess making it truely awesome would require permissions for anonymoususers in the default backend too. :( If I have timeI'll see what I can come up with. On Jan 19, 4:34 pm, Jannis Leidel

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

@Janis: I see your point,in my proposal the default model authentication backend always returns False for the AnonymousUser. That would indeed mean guest users have no access at all. But I guess you could write a wrapper that used a function specified in the settings (with a default pointing to a

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Am 19.01.2010 um 16:10 schrieb Luke Plant: > On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote: > >>> I think the best argument in favor of it is using permissions >>> with reusable applications. Say I have a wiki application I >>> write, I don't know whether anonymous users should be

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote: > > I think the best argument in favor of it is using permissions > > with reusable applications. Say I have a wiki application I > > write, I don't know whether anonymous users should be able to > > edit pages, I could make it a setting,

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

> As you say - anonymous users are by definition not *authenticated*, > but that does not be that they are not *authorised*. Permissions is > about authorisation, not authentication, and Harro had some good > examples where you want to control authorisation for non-authenticated > users in a

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Am 18.01.2010 um 22:57 schrieb Alex Gaynor: > On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote: >> >> Am 18.01.2010 um 22:26 schrieb Luke Plant: >> >>> Hi Harro, >>> Hmm I guess I'll just have to keep on hacking django then.. because that 1% case is

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

> > The point is that as the developer of a reusable application you don't > know what *anyone* can do, and you should be able to abstract that by > querying the backend. > +1 As a reusable app developer, I'd prefer to develop my app and ship it with a set of permissions which control access

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

@Luke: A simple is_active check with return False will also do so for the AnonymousUser. @Łukasz:That's up to the developer of the backend I think. But with that you could disallow logged in users from going to the registration page for instance. (I know not a great example, but just to show the

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

@Noah, You could also look at it as what a AnonymousUser can't do on some objects (while it's possible on others). -- Gert Mobile: +32 498725202 Web: http://gert.selentic.net 2010/1/19 Noah Silas : > I'm not certain I understand - if anyone can perform some action, what's the

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

2010/1/18 Noah Silas : > I'm not certain I understand - if anyone can perform some action, what's the > point of protecting it with a permissions check? > ~Noah Silas > > > 2010/1/18 Łukasz Rekucki >> >> 2010/1/18 Alex Gaynor : >> > On

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

I'm not certain I understand - if anyone can perform some action, what's the point of protecting it with a permissions check? ~Noah Silas 2010/1/18 Łukasz Rekucki > 2010/1/18 Alex Gaynor : > > On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

2010/1/18 Alex Gaynor : > On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote: >> >> Am 18.01.2010 um 22:26 schrieb Luke Plant: >> >>> Hi Harro, >>> Hmm I guess I'll just have to keep on hacking django then.. because that 1% case is something

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Monday 18 January 2010 21:55:58 Jannis Leidel wrote: > > Anyone got a good reason reason why this *shouldn't* go in? I'm > > +1 on committing. > > Hm, I don't see a good argument to allow anonymous users to have a > permissions, to be honest. Anonymous users are by definition not >

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote: > > Am 18.01.2010 um 22:26 schrieb Luke Plant: > >> Hi Harro, >> >>> Hmm I guess I'll just have to keep on hacking django then.. >>> because that 1% case is something I keep running into for every >>> project in one way or

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Am 18.01.2010 um 22:26 schrieb Luke Plant: > Hi Harro, > >> Hmm I guess I'll just have to keep on hacking django then.. >> because that 1% case is something I keep running into for every >> project in one way or another. >> And if it was designed for most apps, why was the row level >>

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Hi Harro, > Hmm I guess I'll just have to keep on hacking django then.. > because that 1% case is something I keep running into for every > project in one way or another. > And if it was designed for most apps, why was the row level > permission bits added? It's useless without simply always

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Hi Harro, Just create a special "AnonymousUser" as User with id=0, and set it up with backend/middleware. You'll have your permissions. On Sun, Jan 17, 2010 at 2:45 PM, Harro wrote: > Why wouldn't a AnonymousUser have permissions? > > Imagine a site where can create photo

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Why wouldn't a AnonymousUser have permissions? Basically, this is senseless. For some photo's you might want to disable rating and/ or commenting. How often it is required to the user? In 99% of cases it is enough specify in an album "can" or "can not". It's really overkill of

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Why wouldn't a AnonymousUser have permissions? Imagine a site where can create photo albums. User A creates two photo albums, one to share with a specific set of users and one that's public. So Album A has no guest permissions, Album B has viewing permissions. Now let's say you can also comment

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

No. You need row based permissions if You will limit User(!) rights. For example user can edit entries with FK 2. See http://code.djangoproject.com/wiki/RowLevelPermissions But AnonymousUser (Guest) don't have any permissions. It's a special and that the guest can - it's not a permission -

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Isn't the idea of row based permission that you don't need a special model for that? -- Gert Mobile: +32 498725202 Web: http://gert.selentic.net On Fri, Jan 15, 2010 at 13:55, Anton Bessonov wrote: > Hello, > > It's a false place. All what you need - one Model for

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Hello, It's a false place. All what you need - one Model for Settings. if SettingsModel.objects.get(code='guest_can_comment'): can_post else: cant_post You can wrap this in one decorator function. Harro schrieb: Because the authentication backend now allows for role based permissions you

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

Because the authentication backend now allows for role based permissions you might have a blog post which anonymous users are allowed to comment on (create_comment) and another they can't. Now you would have to have a guest_can_comment flag or something on the blog post and check that before

Re: AnonymousUser has_perm/has_module_perms function check authentication backends

If an AnonymousUser can do something then everybody can do that as well. So why a regular unprotected view can't do the job? On Thu, Jan 14, 2010 at 8:13 AM, Harro wrote: > I was having a look at the new 1.2 row level permission support that > got added and ran into the

AnonymousUser has_perm/has_module_perms function check authentication backends

I was having a look at the new 1.2 row level permission support that got added and ran into the problem that the AnonymousUser does not call the authentication backend functions. The default backend doesn't need this, but with a custom backend I might want to implement Guest permissions. I think