Fixed #2332 -- Introduced is_authenticated() method on User and Anony…

…mousUser classes. Recommended its use over is_anonymous in the docs. Changed internal Django use to match this recommendation. Thanks to SmileyChris and Gary Wilson for the patch. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
django · Jul 19, 2006 · 51705f6 · 51705f6
1 parent 533594d
commit 51705f6
Show file tree

Hide file tree

Showing 12 changed files with 46 additions and 33 deletions.
diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html
@@ -20,9 +20,9 @@
         <div id="branding">
         {% block branding %}{% endblock %}
         </div>
-        {% if not user.is_anonymous %}{% if user.is_staff %}
+        {% if user.is_authenticated and user.is_staff %}
         <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name|escape }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
-        {% endif %}{% endif %}
+        {% endif %}
         {% block nav-global %}{% endblock %}
     </div>
     <!-- END Header -->

diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
@@ -46,7 +46,7 @@ def staff_member_required(view_func):
     member, displaying the login page if necessary.
     """
     def _checklogin(request, *args, **kwargs):
-        if not request.user.is_anonymous() and request.user.is_staff:
+        if request.user.is_authenticated() and request.user.is_staff:
             # The user is valid. Continue to the admin page.
             if request.POST.has_key('post_data'):
                 # User must have re-authenticated through a different window

diff --git a/django/contrib/auth/decorators.py b/django/contrib/auth/decorators.py
@@ -17,7 +17,7 @@ def _checklogin(request, *args, **kwargs):
         return _checklogin
     return _dec
 
-login_required = user_passes_test(lambda u: not u.is_anonymous())
+login_required = user_passes_test(lambda u: u.is_authenticated())
 login_required.__doc__ = (
     """
     Decorator for views that checks that the user is logged in, redirecting

diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
@@ -125,6 +125,11 @@ def get_absolute_url(self):
     def is_anonymous(self):
         "Always returns False. This is a way of comparing User objects to anonymous users."
         return False
+
+    def is_authenticated(self):
+        """Always return True. This is a way to tell if the user has been authenticated in templates.
+        """
+        return True
 
     def get_full_name(self):
         "Returns the first_name plus the last_name, with a space in between."
@@ -293,3 +298,6 @@ def get_and_delete_messages(self):
 
     def is_anonymous(self):
         return True
+
+    def is_authenticated(self):
+        return False
diff --git a/django/contrib/comments/templates/comments/form.html b/django/contrib/comments/templates/comments/form.html
@@ -2,10 +2,10 @@
 {% if display_form %}
 <form {% if photos_optional or photos_required %}enctype="multipart/form-data" {% endif %}action="/comments/post/" method="post">
 
-{% if user.is_anonymous %}
+{% if user.is_authenticated %}
-<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
-{% else %}
 <p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="/accounts/logout/">{% trans "Log out" %}</a>)</p>
+{% else %}
+<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
 {% endif %}
 
 {% if ratings_optional or ratings_required %}

diff --git a/django/contrib/comments/templatetags/comments.py b/django/contrib/comments/templatetags/comments.py
@@ -114,7 +114,7 @@ def render(self, context):
         comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related()
 
         if not self.free:
-            if context.has_key('user') and not context['user'].is_anonymous():
+            if context.has_key('user') and context['user'].is_authenticated():
                 user_id = context['user'].id
                 context['user_can_moderate_comments'] = Comment.objects.user_is_moderator(context['user'])
             else:

diff --git a/django/contrib/comments/views/comments.py b/django/contrib/comments/views/comments.py
@@ -63,7 +63,7 @@ def get_validator_list(rating_num):
                 validator_list=get_validator_list(8),
             ),
         ])
-        if not user.is_anonymous():
+        if user.is_authenticated():
             self["username"].is_required = False
             self["username"].validator_list = []
             self["password"].is_required = False

diff --git a/django/contrib/comments/views/karma.py b/django/contrib/comments/views/karma.py
@@ -15,7 +15,7 @@ def vote(request, comment_id, vote):
     rating = {'up': 1, 'down': -1}.get(vote, False)
     if not rating:
         raise Http404, "Invalid vote"
-    if request.user.is_anonymous():
+    if not request.user.is_authenticated():
         raise Http404, _("Anonymous users cannot vote")
     try:
         comment = Comment.objects.get(pk=comment_id)

diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py
@@ -22,7 +22,7 @@ def flatpage(request, url):
     f = get_object_or_404(FlatPage, url__exact=url, sites__id__exact=settings.SITE_ID)
     # If registration is required for accessing this page, and the user isn't
     # logged in, redirect to the login page.
-    if f.registration_required and request.user.is_anonymous():
+    if f.registration_required and not request.user.is_authenticated():
         from django.contrib.auth.views import redirect_to_login
         return redirect_to_login(request.path)
     if f.template_name:

diff --git a/django/views/generic/create_update.py b/django/views/generic/create_update.py
@@ -20,7 +20,7 @@ def create_object(request, model, template_name=None,
             the form wrapper for the object
     """
     if extra_context is None: extra_context = {}
-    if login_required and request.user.is_anonymous():
+    if login_required and not request.user.is_authenticated():
         return redirect_to_login(request.path)
 
     manipulator = model.AddManipulator(follow=follow)
@@ -39,7 +39,7 @@ def create_object(request, model, template_name=None,
             # No errors -- this means we can save the data!
             new_object = manipulator.save(new_data)
 
-            if not request.user.is_anonymous():
+            if request.user.is_authenticated():
                 request.user.message_set.create(message="The %s was created successfully." % model._meta.verbose_name)
 
             # Redirect to the new object: first by trying post_save_redirect,
@@ -86,7 +86,7 @@ def update_object(request, model, object_id=None, slug=None,
             the original object being edited
     """
     if extra_context is None: extra_context = {}
-    if login_required and request.user.is_anonymous():
+    if login_required and not request.user.is_authenticated():
         return redirect_to_login(request.path)
 
     # Look up the object to be edited
@@ -113,7 +113,7 @@ def update_object(request, model, object_id=None, slug=None,
         if not errors:
             object = manipulator.save(new_data)
 
-            if not request.user.is_anonymous():
+            if request.user.is_authenticated():
                 request.user.message_set.create(message="The %s was updated successfully." % model._meta.verbose_name)
 
             # Do a post-after-redirect so that reload works, etc.
@@ -162,7 +162,7 @@ def delete_object(request, model, post_delete_redirect,
             the original object being deleted
     """
     if extra_context is None: extra_context = {}
-    if login_required and request.user.is_anonymous():
+    if login_required and not request.user.is_authenticated():
         return redirect_to_login(request.path)
 
     # Look up the object to be edited
@@ -180,7 +180,7 @@ def delete_object(request, model, post_delete_redirect,
 
     if request.method == 'POST':
         object.delete()
-        if not request.user.is_anonymous():
+        if request.user.is_authenticated():
             request.user.message_set.create(message="The %s was deleted." % model._meta.verbose_name)
         return HttpResponseRedirect(post_delete_redirect)
     else:

diff --git a/docs/authentication.txt b/docs/authentication.txt
@@ -95,7 +95,11 @@ In addition to those automatic API methods, ``User`` objects have the following
 custom methods:
 
     * ``is_anonymous()`` -- Always returns ``False``. This is a way of
-      comparing ``User`` objects to anonymous users.
+      differentiating ``User`` and ``AnonymousUser`` objects. Generally, you
+      should prefer using ``is_authenticated()`` to this method.
+
+    * ``is_authenticated()`` -- Always returns ``True``. This is a way to
+      tell if the user has been authenticated.
 
     * ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``,
       with a space in between.
@@ -219,6 +223,7 @@ the ``django.contrib.auth.models.User`` interface, with these differences:
 
     * ``id`` is always ``None``.
     * ``is_anonymous()`` returns ``True`` instead of ``False``.
+    * ``is_authenticated()`` returns ``False`` instead of ``True``.
     * ``has_perm()`` always returns ``False``.
     * ``set_password()``, ``check_password()``, ``save()``, ``delete()``,
       ``set_groups()`` and ``set_permissions()`` raise ``NotImplementedError``.
@@ -254,12 +259,12 @@ Once you have those middlewares installed, you'll be able to access
 ``request.user`` in views. ``request.user`` will give you a ``User`` object
 representing the currently logged-in user. If a user isn't currently logged in,
 ``request.user`` will be set to an instance of ``AnonymousUser`` (see the
-previous section). You can tell them apart with ``is_anonymous()``, like so::
+previous section). You can tell them apart with ``is_authenticated()``, like so::
 
-    if request.user.is_anonymous():
+    if request.user.is_authenticated():
-        # Do something for anonymous users.
+        # Do something for authenticated users.
     else:
-        # Do something for logged-in users.
+        # Do something for anonymous users.
 
 .. _request objects: http://www.djangoproject.com/documentation/request_response/#httprequest-objects
 .. _session documentation: http://www.djangoproject.com/documentation/sessions/
@@ -323,19 +328,19 @@ The raw way
 ~~~~~~~~~~~
 
 The simple, raw way to limit access to pages is to check
-``request.user.is_anonymous()`` and either redirect to a login page::
+``request.user.is_authenticated()`` and either redirect to a login page::
 
     from django.http import HttpResponseRedirect
 
     def my_view(request):
-        if request.user.is_anonymous():
+        if not request.user.is_authenticated():
             return HttpResponseRedirect('/login/?next=%s' % request.path)
         # ...
 
 ...or display an error message::
 
     def my_view(request):
-        if request.user.is_anonymous():
+        if not request.user.is_authenticated():
             return render_to_response('myapp/login_error.html')
         # ...
 
@@ -439,7 +444,7 @@ For example, this view checks to make sure the user is logged in and has the
 permission ``polls.can_vote``::
 
     def my_view(request):
-        if request.user.is_anonymous() or not request.user.has_perm('polls.can_vote'):
+        if not (request.user.is_authenticated() and request.user.has_perm('polls.can_vote')):
             return HttpResponse("You can't vote in this poll.")
         # ...
 
@@ -605,10 +610,10 @@ Users
 The currently logged-in user, either a ``User`` instance or an``AnonymousUser``
 instance, is stored in the template variable ``{{ user }}``::
 
-    {% if user.is_anonymous %}
+    {% if user.is_authenticated %}
-        <p>Welcome, new user. Please log in.</p>
+        <p>Welcome, {{ user.username }}. Thanks for logging in.</p>    
     {% else %}
-        <p>Welcome, {{ user.username }}. Thanks for logging in.</p>
+        <p>Welcome, new user. Please log in.</p>
     {% endif %}
 
 Permissions

diff --git a/docs/request_response.txt b/docs/request_response.txt
@@ -106,12 +106,12 @@ All attributes except ``session`` should be considered read-only.
     A ``django.contrib.auth.models.User`` object representing the currently
     logged-in user. If the user isn't currently logged in, ``user`` will be set
     to an instance of ``django.contrib.auth.models.AnonymousUser``. You
-    can tell them apart with ``is_anonymous()``, like so::
+    can tell them apart with ``is_authenticated()``, like so::
 
-        if request.user.is_anonymous():
+        if request.user.is_authenticated():
-            # Do something for anonymous users.
-        else:
             # Do something for logged-in users.
+        else:
+            # Do something for anonymous users.
 
     ``user`` is only available if your Django installation has the
     ``AuthenticationMiddleware`` activated. For more, see