Yeah
> > that makes sense. As every page will require some different authorization
> > anyway, there is no need for extra middleware. Is that right?
> >
>
> No, that's not what he's saying.
>
> "authentication" -> "who am I?"
> &
.
"authentication" -> "who am I?"
"authorization" -> "am I allowed to do this?"
His point was, even though every view requires authentication, it will
also require authorization - checking that the user has permission to
access that specific page. Presu
On Wed, Jul 17, 2013 at 4:24 PM, Arnold Krille wrote:
> Still interesting that you need authentication while not needing any
> authorization...
Oh, I see what you're saying. The login_required does not need to be added
explicitly, because it is added implicitly by the authorization check. Yeah
On Wed, 17 Jul 2013 14:18:54 -0700 Jon Dufresne
wrote:
> On Wed, Jul 17, 2013 at 1:25 PM, Arnold Krille
> wrote:
>
> > On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne
> > wrote:The standard-way depende on your
> > views:
> > - If its function-based views, use the @login_required-decorator.
> >
On Wed, Jul 17, 2013 at 1:25 PM, Arnold Krille wrote:
> On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne
> wrote:The standard-way depende on your views:
> - If its function-based views, use the @login_required-decorator.
> - For class-based views we use the LoginRequiredMixin from
>django-b
On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne
wrote:
> My application requires an authenticated user for every view (with
> very few exceptions). Is there a standard correct way to handle this
> or should I roll my own middleware? I'm probably not the first have
> this requirement.
The standard
My application requires an authenticated user for every view (with very few
exceptions). Is there a standard correct way to handle this or should I
roll my own middleware? I'm probably not the first have this requirement.
--
You received this message because you are subscribed to the Google Group
7 matches
Mail list logo
