> I would then write a simple decorator which checks the backends for
> that flag to determine if we should do a login_required or has_perm
> check.
> Because a real pluggable app would want to support both :)
No it wouldn't. It would either use the permission system or the
decorator for login_requ
> some documentation should also be added.
+ Tests
The question is, whether we want `supports_anonymous_users` to go away
at some point or stay forever (I would prefer if it went away and
every backend had to support anonymous users; then the patch would
need the usual deprecation warnings…).
Che
Added a patch to the ticket.
some documentation should also be added.
[1]
http://code.djangoproject.com/attachment/ticket/12557/supports_anonymous_users.diff
[2] http://code.djangoproject.com/attachment/ticket/12557
--
You received this message because you are subscribed to the Google Groups
I think the `supports_anonymous_users` thing is the best and most
simple solution.
The anonymous user should then only call has_perm/has_module_perms on
backends that have that set.
I would then write a simple decorator which checks the backends for
that flag to determine if we should do a login_
On Jan 26, 3:19 pm, Harro wrote:
> - If the default backend always returns false for anonymous users then
> pluggable apps have to either expect some row level permission system
> is installed and used or don't check permissions for things that an
> anonymous user can access.
Why do they have to e
On Tuesday 26 January 2010 12:12:23 Jari Pennanen wrote:
> I read from "1.2 beta" thread that this might make it to the 1.2
> beta of Django, any status on that? Is someone trying to commit
> the patches?
Florian Apolloner pointed out that it had backwards incompatibility
issues. I'm hoping to
I think so far we agree that we need to add something for anonymous
users, because the added enhancement currently doesn't add enough to
integrate row level permissions as they should be.
The problems are:
- Anonymous users should check the authentication backend for
permissions, so it is possible
I read from "1.2 beta" thread that this might make it to the 1.2 beta
of Django, any status on that? Is someone trying to commit the patches?
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-develo
I just thought of another way this might be possible: signals.
Just add them to the anonymous user functions.
The signal would get passed a variable holding the currently returned
result, and then returns it.
That way you can hook into it and modify the result without breaking
the current behaviou
On Tuesday 19 January 2010 16:23:32 Harro wrote:
> And I guess making it truely awesome would require permissions for
> anonymoususers in the default backend too. :(
>
> If I have timeI'll see what I can come up with.
Ticket #9444 [1] is about that, and it had a lot of opposition.
It is hard or
oh also: It's kinda like the messages framework rewrite now supporting
messages for anonymous users.
And I guess making it truely awesome would require permissions for
anonymoususers in the default backend too. :(
If I have timeI'll see what I can come up with.
On Jan 19, 4:34 pm, Jannis Leidel
@Janis: I see your point,in my proposal the default model
authentication backend always returns False for the AnonymousUser.
That would indeed mean guest users have no access at all.
But I guess you could write a wrapper that used a function specified
in the settings (with a default pointing to a f
Am 19.01.2010 um 16:10 schrieb Luke Plant:
> On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote:
>
>>> I think the best argument in favor of it is using permissions
>>> with reusable applications. Say I have a wiki application I
>>> write, I don't know whether anonymous users should be abl
On Tuesday 19 January 2010 14:23:06 Jannis Leidel wrote:
> > I think the best argument in favor of it is using permissions
> > with reusable applications. Say I have a wiki application I
> > write, I don't know whether anonymous users should be able to
> > edit pages, I could make it a setting, b
> As you say - anonymous users are by definition not *authenticated*,
> but that does not be that they are not *authorised*. Permissions is
> about authorisation, not authentication, and Harro had some good
> examples where you want to control authorisation for non-authenticated
> users in a f
Am 18.01.2010 um 22:57 schrieb Alex Gaynor:
> On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote:
>>
>> Am 18.01.2010 um 22:26 schrieb Luke Plant:
>>
>>> Hi Harro,
>>>
Hmm I guess I'll just have to keep on hacking django then..
because that 1% case is something I keep running into
>
> The point is that as the developer of a reusable application you don't
> know what *anyone* can do, and you should be able to abstract that by
> querying the backend.
>
+1
As a reusable app developer, I'd prefer to develop my app and ship it with a
set of permissions which control access
@Luke: A simple is_active check with return False will also do so for
the AnonymousUser.
@Łukasz:That's up to the developer of the backend I think. But with
that you could disallow logged in users from going to the registration
page for instance. (I know not a great example, but just to show the
p
@Noah, You could also look at it as what a AnonymousUser can't do on
some objects (while it's possible on others).
-- Gert
Mobile: +32 498725202
Web: http://gert.selentic.net
2010/1/19 Noah Silas :
> I'm not certain I understand - if anyone can perform some action, what's the
> point of protec
2010/1/18 Noah Silas :
> I'm not certain I understand - if anyone can perform some action, what's the
> point of protecting it with a permissions check?
> ~Noah Silas
>
>
> 2010/1/18 Łukasz Rekucki
>>
>> 2010/1/18 Alex Gaynor :
>> > On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel
>> > wrote:
>> >>
I'm not certain I understand - if anyone can perform some action, what's the
point of protecting it with a permissions check?
~Noah Silas
2010/1/18 Łukasz Rekucki
> 2010/1/18 Alex Gaynor :
> > On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel
> wrote:
> >>
> >> Am 18.01.2010 um 22:26 schrieb Luke
2010/1/18 Alex Gaynor :
> On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote:
>>
>> Am 18.01.2010 um 22:26 schrieb Luke Plant:
>>
>>> Hi Harro,
>>>
Hmm I guess I'll just have to keep on hacking django then..
because that 1% case is something I keep running into for every
project i
On Monday 18 January 2010 21:55:58 Jannis Leidel wrote:
> > Anyone got a good reason reason why this *shouldn't* go in? I'm
> > +1 on committing.
>
> Hm, I don't see a good argument to allow anonymous users to have a
> permissions, to be honest. Anonymous users are by definition not
> authentic
On Mon, Jan 18, 2010 at 3:55 PM, Jannis Leidel wrote:
>
> Am 18.01.2010 um 22:26 schrieb Luke Plant:
>
>> Hi Harro,
>>
>>> Hmm I guess I'll just have to keep on hacking django then..
>>> because that 1% case is something I keep running into for every
>>> project in one way or another.
>>> And if i
Am 18.01.2010 um 22:26 schrieb Luke Plant:
> Hi Harro,
>
>> Hmm I guess I'll just have to keep on hacking django then..
>> because that 1% case is something I keep running into for every
>> project in one way or another.
>> And if it was designed for most apps, why was the row level
>> permissio
Hi Harro,
> Hmm I guess I'll just have to keep on hacking django then..
> because that 1% case is something I keep running into for every
> project in one way or another.
> And if it was designed for most apps, why was the row level
> permission bits added? It's useless without simply always bein
Hmm I guess I'll just have to keep on hacking django then..
because that 1% case is something I keep running into for every
project in one way or another.
And if it was designed for most apps, why was the row level permission
bits added? It's useless without simply always being able to call
request
Hi Harro,
Just create a special "AnonymousUser" as User with id=0, and set it up
with backend/middleware.
You'll have your permissions.
On Sun, Jan 17, 2010 at 2:45 PM, Harro wrote:
> Why wouldn't a AnonymousUser have permissions?
>
> Imagine a site where can create photo albums.
>
> User A crea
Why wouldn't a AnonymousUser have permissions?
Basically, this is senseless.
For some photo's you might want to disable rating and/
or commenting.
How often it is required to the user? In 99% of cases it is enough
specify in an album "can" or "can not". It's really overkill of features.
Why wouldn't a AnonymousUser have permissions?
Imagine a site where can create photo albums.
User A creates two photo albums, one to share with a specific set of
users and one that's public.
So Album A has no guest permissions, Album B has viewing permissions.
Now let's say you can also comment o
No. You need row based permissions if You will limit User(!) rights. For
example user can edit entries with FK 2. See
http://code.djangoproject.com/wiki/RowLevelPermissions
But AnonymousUser (Guest) don't have any permissions. It's a special and
that the guest can - it's not a permission - it'
Isn't the idea of row based permission that you don't need a special
model for that?
-- Gert
Mobile: +32 498725202
Web: http://gert.selentic.net
On Fri, Jan 15, 2010 at 13:55, Anton Bessonov wrote:
> Hello,
>
> It's a false place. All what you need - one Model for Settings.
>
> if SettingsMod
Hello,
It's a false place. All what you need - one Model for Settings.
if SettingsModel.objects.get(code='guest_can_comment'):
can_post
else:
cant_post
You can wrap this in one decorator function.
Harro schrieb:
Because the authentication backend now allows for role based
permissions you mi
Because the authentication backend now allows for role based
permissions you might have a blog post which anonymous users are
allowed to comment on (create_comment) and another they can't.
Now you would have to have a guest_can_comment flag or something on
the blog post and check that before displ
If an AnonymousUser can do something then everybody can do that as well.
So why a regular unprotected view can't do the job?
On Thu, Jan 14, 2010 at 8:13 AM, Harro wrote:
> I was having a look at the new 1.2 row level permission support that
> got added and ran into the problem that the Anonymou
I was having a look at the new 1.2 row level permission support that
got added and ran into the problem that the AnonymousUser does not
call the authentication backend functions.
The default backend doesn't need this, but with a custom backend I
might want to implement Guest permissions.
I think
36 matches
Mail list logo