tickets: 20313
This data as json
| id | created | changetime | last_pulled_from_trac | stage | status | component | type | severity | version | resolution | summary | description | owner | reporter | keywords | easy | has_patch | needs_better_patch | needs_tests | needs_docs | ui_ux |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 20313 | 2013-04-24 12:49:57 | 2020-04-13 23:04:34 | 2022-03-06 04:13:35.222941 | Accepted | assigned | contrib.auth | New feature | Normal | AnonymousUser should follow custom User implementation | Introducing custom User classes opened a few new options for handling authorization logic, e.g.: {{{ self.request.user.has_purchased(object) }}} or as @akaariai mentioned: {{{ request.user.has_role_in_org(some_org) }}} Without being able to define custom AnonymousUser class that follows User implementation this will not work. There are some ideas on how to solve that, and the ones discussed are: * defining {{{anonymous_user_class}}} on {{{UserClass}}} (@akaariai) * merging {{{User}}} and {{{AnonymousUser}}} (@apollo13) The current dirty patch uses the same approach as with {{{get_user_model()}}}: * django.contrib.auth.get_anonymous_model * django.conf.global_settings.AUTH_ANONYMOUS_MODEL and changes in: * django.contrib.auth.context_processors * django.db.models.sql.where.WhereNode | thinkingpotato | thinkingpotato@gmail.com | 0 | 0 | 0 | 0 | 0 | 0 |