Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #2332 -- Introduced is_authenticated() method on User and Anony…

…mousUser classes. Recommended its use over is_anonymous in the docs. Changed internal Django use to match this recommendation. Thanks to SmileyChris and Gary Wilson for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 51705f60b1b561b3e44d1ff3d02bc12d7af26d9f 1 parent 533594d
@malcolmt malcolmt authored
View
4 django/contrib/admin/templates/admin/base.html
@@ -20,9 +20,9 @@
<div id="branding">
{% block branding %}{% endblock %}
</div>
- {% if not user.is_anonymous %}{% if user.is_staff %}
+ {% if user.is_authenticated and user.is_staff %}
<div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name|escape }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
- {% endif %}{% endif %}
+ {% endif %}
{% block nav-global %}{% endblock %}
</div>
<!-- END Header -->
View
2  django/contrib/admin/views/decorators.py
@@ -46,7 +46,7 @@ def staff_member_required(view_func):
member, displaying the login page if necessary.
"""
def _checklogin(request, *args, **kwargs):
- if not request.user.is_anonymous() and request.user.is_staff:
+ if request.user.is_authenticated() and request.user.is_staff:
# The user is valid. Continue to the admin page.
if request.POST.has_key('post_data'):
# User must have re-authenticated through a different window
View
2  django/contrib/auth/decorators.py
@@ -17,7 +17,7 @@ def _checklogin(request, *args, **kwargs):
return _checklogin
return _dec
-login_required = user_passes_test(lambda u: not u.is_anonymous())
+login_required = user_passes_test(lambda u: u.is_authenticated())
login_required.__doc__ = (
"""
Decorator for views that checks that the user is logged in, redirecting
View
8 django/contrib/auth/models.py
@@ -125,6 +125,11 @@ def get_absolute_url(self):
def is_anonymous(self):
"Always returns False. This is a way of comparing User objects to anonymous users."
return False
+
+ def is_authenticated(self):
+ """Always return True. This is a way to tell if the user has been authenticated in templates.
+ """
+ return True
def get_full_name(self):
"Returns the first_name plus the last_name, with a space in between."
@@ -293,3 +298,6 @@ def get_and_delete_messages(self):
def is_anonymous(self):
return True
+
+ def is_authenticated(self):
+ return False
View
6 django/contrib/comments/templates/comments/form.html
@@ -2,10 +2,10 @@
{% if display_form %}
<form {% if photos_optional or photos_required %}enctype="multipart/form-data" {% endif %}action="/comments/post/" method="post">
-{% if user.is_anonymous %}
-<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
-{% else %}
+{% if user.is_authenticated %}
<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="/accounts/logout/">{% trans "Log out" %}</a>)</p>
+{% else %}
+<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
{% endif %}
{% if ratings_optional or ratings_required %}
View
2  django/contrib/comments/templatetags/comments.py
@@ -114,7 +114,7 @@ def render(self, context):
comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related()
if not self.free:
- if context.has_key('user') and not context['user'].is_anonymous():
+ if context.has_key('user') and context['user'].is_authenticated():
user_id = context['user'].id
context['user_can_moderate_comments'] = Comment.objects.user_is_moderator(context['user'])
else:
View
2  django/contrib/comments/views/comments.py
@@ -63,7 +63,7 @@ def get_validator_list(rating_num):
validator_list=get_validator_list(8),
),
])
- if not user.is_anonymous():
+ if user.is_authenticated():
self["username"].is_required = False
self["username"].validator_list = []
self["password"].is_required = False
View
2  django/contrib/comments/views/karma.py
@@ -15,7 +15,7 @@ def vote(request, comment_id, vote):
rating = {'up': 1, 'down': -1}.get(vote, False)
if not rating:
raise Http404, "Invalid vote"
- if request.user.is_anonymous():
+ if not request.user.is_authenticated():
raise Http404, _("Anonymous users cannot vote")
try:
comment = Comment.objects.get(pk=comment_id)
View
2  django/contrib/flatpages/views.py
@@ -22,7 +22,7 @@ def flatpage(request, url):
f = get_object_or_404(FlatPage, url__exact=url, sites__id__exact=settings.SITE_ID)
# If registration is required for accessing this page, and the user isn't
# logged in, redirect to the login page.
- if f.registration_required and request.user.is_anonymous():
+ if f.registration_required and not request.user.is_authenticated():
from django.contrib.auth.views import redirect_to_login
return redirect_to_login(request.path)
if f.template_name:
View
12 django/views/generic/create_update.py
@@ -20,7 +20,7 @@ def create_object(request, model, template_name=None,
the form wrapper for the object
"""
if extra_context is None: extra_context = {}
- if login_required and request.user.is_anonymous():
+ if login_required and not request.user.is_authenticated():
return redirect_to_login(request.path)
manipulator = model.AddManipulator(follow=follow)
@@ -39,7 +39,7 @@ def create_object(request, model, template_name=None,
# No errors -- this means we can save the data!
new_object = manipulator.save(new_data)
- if not request.user.is_anonymous():
+ if request.user.is_authenticated():
request.user.message_set.create(message="The %s was created successfully." % model._meta.verbose_name)
# Redirect to the new object: first by trying post_save_redirect,
@@ -86,7 +86,7 @@ def update_object(request, model, object_id=None, slug=None,
the original object being edited
"""
if extra_context is None: extra_context = {}
- if login_required and request.user.is_anonymous():
+ if login_required and not request.user.is_authenticated():
return redirect_to_login(request.path)
# Look up the object to be edited
@@ -113,7 +113,7 @@ def update_object(request, model, object_id=None, slug=None,
if not errors:
object = manipulator.save(new_data)
- if not request.user.is_anonymous():
+ if request.user.is_authenticated():
request.user.message_set.create(message="The %s was updated successfully." % model._meta.verbose_name)
# Do a post-after-redirect so that reload works, etc.
@@ -162,7 +162,7 @@ def delete_object(request, model, post_delete_redirect,
the original object being deleted
"""
if extra_context is None: extra_context = {}
- if login_required and request.user.is_anonymous():
+ if login_required and not request.user.is_authenticated():
return redirect_to_login(request.path)
# Look up the object to be edited
@@ -180,7 +180,7 @@ def delete_object(request, model, post_delete_redirect,
if request.method == 'POST':
object.delete()
- if not request.user.is_anonymous():
+ if request.user.is_authenticated():
request.user.message_set.create(message="The %s was deleted." % model._meta.verbose_name)
return HttpResponseRedirect(post_delete_redirect)
else:
View
29 docs/authentication.txt
@@ -95,7 +95,11 @@ In addition to those automatic API methods, ``User`` objects have the following
custom methods:
* ``is_anonymous()`` -- Always returns ``False``. This is a way of
- comparing ``User`` objects to anonymous users.
+ differentiating ``User`` and ``AnonymousUser`` objects. Generally, you
+ should prefer using ``is_authenticated()`` to this method.
+
+ * ``is_authenticated()`` -- Always returns ``True``. This is a way to
+ tell if the user has been authenticated.
* ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``,
with a space in between.
@@ -219,6 +223,7 @@ the ``django.contrib.auth.models.User`` interface, with these differences:
* ``id`` is always ``None``.
* ``is_anonymous()`` returns ``True`` instead of ``False``.
+ * ``is_authenticated()`` returns ``False`` instead of ``True``.
* ``has_perm()`` always returns ``False``.
* ``set_password()``, ``check_password()``, ``save()``, ``delete()``,
``set_groups()`` and ``set_permissions()`` raise ``NotImplementedError``.
@@ -254,12 +259,12 @@ Once you have those middlewares installed, you'll be able to access
``request.user`` in views. ``request.user`` will give you a ``User`` object
representing the currently logged-in user. If a user isn't currently logged in,
``request.user`` will be set to an instance of ``AnonymousUser`` (see the
-previous section). You can tell them apart with ``is_anonymous()``, like so::
+previous section). You can tell them apart with ``is_authenticated()``, like so::
- if request.user.is_anonymous():
- # Do something for anonymous users.
+ if request.user.is_authenticated():
+ # Do something for authenticated users.
else:
- # Do something for logged-in users.
+ # Do something for anonymous users.
.. _request objects: http://www.djangoproject.com/documentation/request_response/#httprequest-objects
.. _session documentation: http://www.djangoproject.com/documentation/sessions/
@@ -323,19 +328,19 @@ The raw way
~~~~~~~~~~~
The simple, raw way to limit access to pages is to check
-``request.user.is_anonymous()`` and either redirect to a login page::
+``request.user.is_authenticated()`` and either redirect to a login page::
from django.http import HttpResponseRedirect
def my_view(request):
- if request.user.is_anonymous():
+ if not request.user.is_authenticated():
return HttpResponseRedirect('/login/?next=%s' % request.path)
# ...
...or display an error message::
def my_view(request):
- if request.user.is_anonymous():
+ if not request.user.is_authenticated():
return render_to_response('myapp/login_error.html')
# ...
@@ -439,7 +444,7 @@ For example, this view checks to make sure the user is logged in and has the
permission ``polls.can_vote``::
def my_view(request):
- if request.user.is_anonymous() or not request.user.has_perm('polls.can_vote'):
+ if not (request.user.is_authenticated() and request.user.has_perm('polls.can_vote')):
return HttpResponse("You can't vote in this poll.")
# ...
@@ -605,10 +610,10 @@ Users
The currently logged-in user, either a ``User`` instance or an``AnonymousUser``
instance, is stored in the template variable ``{{ user }}``::
- {% if user.is_anonymous %}
- <p>Welcome, new user. Please log in.</p>
+ {% if user.is_authenticated %}
+ <p>Welcome, {{ user.username }}. Thanks for logging in.</p>
{% else %}
- <p>Welcome, {{ user.username }}. Thanks for logging in.</p>
+ <p>Welcome, new user. Please log in.</p>
{% endif %}
Permissions
View
8 docs/request_response.txt
@@ -106,12 +106,12 @@ All attributes except ``session`` should be considered read-only.
A ``django.contrib.auth.models.User`` object representing the currently
logged-in user. If the user isn't currently logged in, ``user`` will be set
to an instance of ``django.contrib.auth.models.AnonymousUser``. You
- can tell them apart with ``is_anonymous()``, like so::
+ can tell them apart with ``is_authenticated()``, like so::
- if request.user.is_anonymous():
- # Do something for anonymous users.
- else:
+ if request.user.is_authenticated():
# Do something for logged-in users.
+ else:
+ # Do something for anonymous users.
``user`` is only available if your Django installation has the
``AuthenticationMiddleware`` activated. For more, see

0 comments on commit 51705f6

Please sign in to comment.
Something went wrong with that request. Please try again.