Clarified documentation to indicate that authenticating a user doesn't imply that they are active. Reinforced the fact that has_perm only returns true if user is active, and fixed a minor bug to that effect.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3885 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
14fb13da7e
commit
fa4bb1b093
1
AUTHORS
1
AUTHORS
|
@ -75,6 +75,7 @@ answer newbie questions, and generally made Django that much better:
|
||||||
Jeremy Dunck <http://dunck.us/>
|
Jeremy Dunck <http://dunck.us/>
|
||||||
Andy Dustman <farcepest@gmail.com>
|
Andy Dustman <farcepest@gmail.com>
|
||||||
Clint Ecker
|
Clint Ecker
|
||||||
|
Enrico <rico.bl@gmail.com>
|
||||||
favo@exoweb.net
|
favo@exoweb.net
|
||||||
gandalf@owca.info
|
gandalf@owca.info
|
||||||
Baishampayan Ghose
|
Baishampayan Ghose
|
||||||
|
|
|
@ -216,6 +216,8 @@ class User(models.Model):
|
||||||
|
|
||||||
def has_module_perms(self, app_label):
|
def has_module_perms(self, app_label):
|
||||||
"Returns True if the user has any permissions in the given app label."
|
"Returns True if the user has any permissions in the given app label."
|
||||||
|
if not self.is_active:
|
||||||
|
return False
|
||||||
if self.is_superuser:
|
if self.is_superuser:
|
||||||
return True
|
return True
|
||||||
return bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label]))
|
return bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label]))
|
||||||
|
|
|
@ -99,7 +99,9 @@ custom methods:
|
||||||
should prefer using ``is_authenticated()`` to this method.
|
should prefer using ``is_authenticated()`` to this method.
|
||||||
|
|
||||||
* ``is_authenticated()`` -- Always returns ``True``. This is a way to
|
* ``is_authenticated()`` -- Always returns ``True``. This is a way to
|
||||||
tell if the user has been authenticated.
|
tell if the user has been authenticated. This does not imply any
|
||||||
|
permissions, and doesn't check if the user is active - it only indicates
|
||||||
|
that the user has provided a valid username and password.
|
||||||
|
|
||||||
* ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``,
|
* ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``,
|
||||||
with a space in between.
|
with a space in between.
|
||||||
|
@ -120,13 +122,16 @@ custom methods:
|
||||||
|
|
||||||
* ``has_perm(perm)`` -- Returns ``True`` if the user has the specified
|
* ``has_perm(perm)`` -- Returns ``True`` if the user has the specified
|
||||||
permission, where perm is in the format ``"package.codename"``.
|
permission, where perm is in the format ``"package.codename"``.
|
||||||
|
If the user is inactive, this method will always return ``False``.
|
||||||
|
|
||||||
* ``has_perms(perm_list)`` -- Returns ``True`` if the user has each of the
|
* ``has_perms(perm_list)`` -- Returns ``True`` if the user has each of the
|
||||||
specified permissions, where each perm is in the format
|
specified permissions, where each perm is in the format
|
||||||
``"package.codename"``.
|
``"package.codename"``. If the user is inactive, this method will
|
||||||
|
always return ``False``.
|
||||||
|
|
||||||
* ``has_module_perms(package_name)`` -- Returns ``True`` if the user has
|
* ``has_module_perms(package_name)`` -- Returns ``True`` if the user has
|
||||||
any permissions in the given package (the Django app label).
|
any permissions in the given package (the Django app label).
|
||||||
|
If the user is inactive, this method will always return ``False``.
|
||||||
|
|
||||||
* ``get_and_delete_messages()`` -- Returns a list of ``Message`` objects in
|
* ``get_and_delete_messages()`` -- Returns a list of ``Message`` objects in
|
||||||
the user's queue and deletes the messages from the queue.
|
the user's queue and deletes the messages from the queue.
|
||||||
|
@ -283,7 +288,10 @@ password is invalid, ``authenticate()`` returns ``None``. Example::
|
||||||
from django.contrib.auth import authenticate
|
from django.contrib.auth import authenticate
|
||||||
user = authenticate(username='john', password='secret')
|
user = authenticate(username='john', password='secret')
|
||||||
if user is not None:
|
if user is not None:
|
||||||
|
if user.is_active:
|
||||||
print "You provided a correct username and password!"
|
print "You provided a correct username and password!"
|
||||||
|
else:
|
||||||
|
print "Your account has been disabled!"
|
||||||
else:
|
else:
|
||||||
print "Your username and password were incorrect."
|
print "Your username and password were incorrect."
|
||||||
|
|
||||||
|
@ -301,10 +309,13 @@ This example shows how you might use both ``authenticate()`` and ``login()``::
|
||||||
password = request.POST['password']
|
password = request.POST['password']
|
||||||
user = authenticate(username=username, password=password)
|
user = authenticate(username=username, password=password)
|
||||||
if user is not None:
|
if user is not None:
|
||||||
|
if user.is_active:
|
||||||
login(request, user)
|
login(request, user)
|
||||||
# Redirect to a success page.
|
# Redirect to a success page.
|
||||||
else:
|
else:
|
||||||
# Return an error message.
|
# Return a 'disabled account' error message
|
||||||
|
else:
|
||||||
|
# Return a 'invalid login' error message.
|
||||||
|
|
||||||
How to log a user out
|
How to log a user out
|
||||||
---------------------
|
---------------------
|
||||||
|
|
Loading…
Reference in New Issue