From 51705f60b1b561b3e44d1ff3d02bc12d7af26d9f Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Wed, 19 Jul 2006 02:09:26 +0000 Subject: [PATCH] Fixed #2332 -- Introduced is_authenticated() method on User and AnonymousUser classes. Recommended its use over is_anonymous in the docs. Changed internal Django use to match this recommendation. Thanks to SmileyChris and Gary Wilson for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3360 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- .../contrib/admin/templates/admin/base.html | 4 +-- django/contrib/admin/views/decorators.py | 2 +- django/contrib/auth/decorators.py | 2 +- django/contrib/auth/models.py | 8 +++++ .../comments/templates/comments/form.html | 6 ++-- .../contrib/comments/templatetags/comments.py | 2 +- django/contrib/comments/views/comments.py | 2 +- django/contrib/comments/views/karma.py | 2 +- django/contrib/flatpages/views.py | 2 +- django/views/generic/create_update.py | 12 ++++---- docs/authentication.txt | 29 +++++++++++-------- docs/request_response.txt | 8 ++--- 12 files changed, 46 insertions(+), 33 deletions(-) diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html index 114f98c369..41514e6a81 100644 --- a/django/contrib/admin/templates/admin/base.html +++ b/django/contrib/admin/templates/admin/base.html @@ -20,9 +20,9 @@
{% block branding %}{% endblock %}
- {% if not user.is_anonymous %}{% if user.is_staff %} + {% if user.is_authenticated and user.is_staff %}
{% trans 'Welcome,' %} {% if user.first_name %}{{ user.first_name|escape }}{% else %}{{ user.username }}{% endif %}. {% block userlinks %}{% trans 'Documentation' %} / {% trans 'Change password' %} / {% trans 'Log out' %}{% endblock %}
- {% endif %}{% endif %} + {% endif %} {% block nav-global %}{% endblock %} diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py index 250c585220..fce50909f0 100644 --- a/django/contrib/admin/views/decorators.py +++ b/django/contrib/admin/views/decorators.py @@ -46,7 +46,7 @@ def staff_member_required(view_func): member, displaying the login page if necessary. """ def _checklogin(request, *args, **kwargs): - if not request.user.is_anonymous() and request.user.is_staff: + if request.user.is_authenticated() and request.user.is_staff: # The user is valid. Continue to the admin page. if request.POST.has_key('post_data'): # User must have re-authenticated through a different window diff --git a/django/contrib/auth/decorators.py b/django/contrib/auth/decorators.py index bc8ec39115..222c311e9c 100644 --- a/django/contrib/auth/decorators.py +++ b/django/contrib/auth/decorators.py @@ -17,7 +17,7 @@ def user_passes_test(test_func, login_url=LOGIN_URL): return _checklogin return _dec -login_required = user_passes_test(lambda u: not u.is_anonymous()) +login_required = user_passes_test(lambda u: u.is_authenticated()) login_required.__doc__ = ( """ Decorator for views that checks that the user is logged in, redirecting diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index cca3c62252..c201fc6232 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -125,6 +125,11 @@ class User(models.Model): def is_anonymous(self): "Always returns False. This is a way of comparing User objects to anonymous users." return False + + def is_authenticated(self): + """Always return True. This is a way to tell if the user has been authenticated in templates. + """ + return True def get_full_name(self): "Returns the first_name plus the last_name, with a space in between." @@ -293,3 +298,6 @@ class AnonymousUser(object): def is_anonymous(self): return True + + def is_authenticated(self): + return False diff --git a/django/contrib/comments/templates/comments/form.html b/django/contrib/comments/templates/comments/form.html index 4a6b5fc320..c5aa7686a3 100644 --- a/django/contrib/comments/templates/comments/form.html +++ b/django/contrib/comments/templates/comments/form.html @@ -2,10 +2,10 @@ {% if display_form %}
-{% if user.is_anonymous %} -


{% trans "Password:" %} ({% trans "Forgotten your password?" %})

-{% else %} +{% if user.is_authenticated %}

{% trans "Username:" %} {{ user.username }} ({% trans "Log out" %})

+{% else %} +


{% trans "Password:" %} ({% trans "Forgotten your password?" %})

{% endif %} {% if ratings_optional or ratings_required %} diff --git a/django/contrib/comments/templatetags/comments.py b/django/contrib/comments/templatetags/comments.py index a3893fdf61..c3a2fd40d8 100644 --- a/django/contrib/comments/templatetags/comments.py +++ b/django/contrib/comments/templatetags/comments.py @@ -114,7 +114,7 @@ class CommentListNode(template.Node): comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related() if not self.free: - if context.has_key('user') and not context['user'].is_anonymous(): + if context.has_key('user') and context['user'].is_authenticated(): user_id = context['user'].id context['user_can_moderate_comments'] = Comment.objects.user_is_moderator(context['user']) else: diff --git a/django/contrib/comments/views/comments.py b/django/contrib/comments/views/comments.py index c32a82f4d8..41459bf46c 100644 --- a/django/contrib/comments/views/comments.py +++ b/django/contrib/comments/views/comments.py @@ -63,7 +63,7 @@ class PublicCommentManipulator(AuthenticationForm): validator_list=get_validator_list(8), ), ]) - if not user.is_anonymous(): + if user.is_authenticated(): self["username"].is_required = False self["username"].validator_list = [] self["password"].is_required = False diff --git a/django/contrib/comments/views/karma.py b/django/contrib/comments/views/karma.py index becb02e128..8c18523feb 100644 --- a/django/contrib/comments/views/karma.py +++ b/django/contrib/comments/views/karma.py @@ -15,7 +15,7 @@ def vote(request, comment_id, vote): rating = {'up': 1, 'down': -1}.get(vote, False) if not rating: raise Http404, "Invalid vote" - if request.user.is_anonymous(): + if not request.user.is_authenticated(): raise Http404, _("Anonymous users cannot vote") try: comment = Comment.objects.get(pk=comment_id) diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py index 1441f6f3a3..4ad24795f7 100644 --- a/django/contrib/flatpages/views.py +++ b/django/contrib/flatpages/views.py @@ -22,7 +22,7 @@ def flatpage(request, url): f = get_object_or_404(FlatPage, url__exact=url, sites__id__exact=settings.SITE_ID) # If registration is required for accessing this page, and the user isn't # logged in, redirect to the login page. - if f.registration_required and request.user.is_anonymous(): + if f.registration_required and not request.user.is_authenticated(): from django.contrib.auth.views import redirect_to_login return redirect_to_login(request.path) if f.template_name: diff --git a/django/views/generic/create_update.py b/django/views/generic/create_update.py index b5fdd3e4cc..a5b852c8d6 100644 --- a/django/views/generic/create_update.py +++ b/django/views/generic/create_update.py @@ -20,7 +20,7 @@ def create_object(request, model, template_name=None, the form wrapper for the object """ if extra_context is None: extra_context = {} - if login_required and request.user.is_anonymous(): + if login_required and not request.user.is_authenticated(): return redirect_to_login(request.path) manipulator = model.AddManipulator(follow=follow) @@ -39,7 +39,7 @@ def create_object(request, model, template_name=None, # No errors -- this means we can save the data! new_object = manipulator.save(new_data) - if not request.user.is_anonymous(): + if request.user.is_authenticated(): request.user.message_set.create(message="The %s was created successfully." % model._meta.verbose_name) # Redirect to the new object: first by trying post_save_redirect, @@ -86,7 +86,7 @@ def update_object(request, model, object_id=None, slug=None, the original object being edited """ if extra_context is None: extra_context = {} - if login_required and request.user.is_anonymous(): + if login_required and not request.user.is_authenticated(): return redirect_to_login(request.path) # Look up the object to be edited @@ -113,7 +113,7 @@ def update_object(request, model, object_id=None, slug=None, if not errors: object = manipulator.save(new_data) - if not request.user.is_anonymous(): + if request.user.is_authenticated(): request.user.message_set.create(message="The %s was updated successfully." % model._meta.verbose_name) # Do a post-after-redirect so that reload works, etc. @@ -162,7 +162,7 @@ def delete_object(request, model, post_delete_redirect, the original object being deleted """ if extra_context is None: extra_context = {} - if login_required and request.user.is_anonymous(): + if login_required and not request.user.is_authenticated(): return redirect_to_login(request.path) # Look up the object to be edited @@ -180,7 +180,7 @@ def delete_object(request, model, post_delete_redirect, if request.method == 'POST': object.delete() - if not request.user.is_anonymous(): + if request.user.is_authenticated(): request.user.message_set.create(message="The %s was deleted." % model._meta.verbose_name) return HttpResponseRedirect(post_delete_redirect) else: diff --git a/docs/authentication.txt b/docs/authentication.txt index 68b9024a90..d10dda28ef 100644 --- a/docs/authentication.txt +++ b/docs/authentication.txt @@ -95,7 +95,11 @@ In addition to those automatic API methods, ``User`` objects have the following custom methods: * ``is_anonymous()`` -- Always returns ``False``. This is a way of - comparing ``User`` objects to anonymous users. + differentiating ``User`` and ``AnonymousUser`` objects. Generally, you + should prefer using ``is_authenticated()`` to this method. + + * ``is_authenticated()`` -- Always returns ``True``. This is a way to + tell if the user has been authenticated. * ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``, with a space in between. @@ -219,6 +223,7 @@ the ``django.contrib.auth.models.User`` interface, with these differences: * ``id`` is always ``None``. * ``is_anonymous()`` returns ``True`` instead of ``False``. + * ``is_authenticated()`` returns ``False`` instead of ``True``. * ``has_perm()`` always returns ``False``. * ``set_password()``, ``check_password()``, ``save()``, ``delete()``, ``set_groups()`` and ``set_permissions()`` raise ``NotImplementedError``. @@ -254,12 +259,12 @@ Once you have those middlewares installed, you'll be able to access ``request.user`` in views. ``request.user`` will give you a ``User`` object representing the currently logged-in user. If a user isn't currently logged in, ``request.user`` will be set to an instance of ``AnonymousUser`` (see the -previous section). You can tell them apart with ``is_anonymous()``, like so:: +previous section). You can tell them apart with ``is_authenticated()``, like so:: - if request.user.is_anonymous(): - # Do something for anonymous users. + if request.user.is_authenticated(): + # Do something for authenticated users. else: - # Do something for logged-in users. + # Do something for anonymous users. .. _request objects: http://www.djangoproject.com/documentation/request_response/#httprequest-objects .. _session documentation: http://www.djangoproject.com/documentation/sessions/ @@ -323,19 +328,19 @@ The raw way ~~~~~~~~~~~ The simple, raw way to limit access to pages is to check -``request.user.is_anonymous()`` and either redirect to a login page:: +``request.user.is_authenticated()`` and either redirect to a login page:: from django.http import HttpResponseRedirect def my_view(request): - if request.user.is_anonymous(): + if not request.user.is_authenticated(): return HttpResponseRedirect('/login/?next=%s' % request.path) # ... ...or display an error message:: def my_view(request): - if request.user.is_anonymous(): + if not request.user.is_authenticated(): return render_to_response('myapp/login_error.html') # ... @@ -439,7 +444,7 @@ For example, this view checks to make sure the user is logged in and has the permission ``polls.can_vote``:: def my_view(request): - if request.user.is_anonymous() or not request.user.has_perm('polls.can_vote'): + if not (request.user.is_authenticated() and request.user.has_perm('polls.can_vote')): return HttpResponse("You can't vote in this poll.") # ... @@ -605,10 +610,10 @@ Users The currently logged-in user, either a ``User`` instance or an``AnonymousUser`` instance, is stored in the template variable ``{{ user }}``:: - {% if user.is_anonymous %} -

Welcome, new user. Please log in.

+ {% if user.is_authenticated %} +

Welcome, {{ user.username }}. Thanks for logging in.

{% else %} -

Welcome, {{ user.username }}. Thanks for logging in.

+

Welcome, new user. Please log in.

{% endif %} Permissions diff --git a/docs/request_response.txt b/docs/request_response.txt index 0bcb3a7f5b..df95bc77b7 100644 --- a/docs/request_response.txt +++ b/docs/request_response.txt @@ -106,12 +106,12 @@ All attributes except ``session`` should be considered read-only. A ``django.contrib.auth.models.User`` object representing the currently logged-in user. If the user isn't currently logged in, ``user`` will be set to an instance of ``django.contrib.auth.models.AnonymousUser``. You - can tell them apart with ``is_anonymous()``, like so:: + can tell them apart with ``is_authenticated()``, like so:: - if request.user.is_anonymous(): - # Do something for anonymous users. - else: + if request.user.is_authenticated(): # Do something for logged-in users. + else: + # Do something for anonymous users. ``user`` is only available if your Django installation has the ``AuthenticationMiddleware`` activated. For more, see