I am frequently needing the functionality to allow users to only update their own data and not other peoples data.
In my template I tried something like this according to the pythonic principal of least surprise:
{% ifequal user.id data.author_id %}
#allow user to do something (e.g. show an edit link)
{% endifequal %}
If the user is anonymous, this fails and shows a traceback, because the anonymous user has not have an ¨id¨ property.
Instead I must write this:
{% if not user.is_anonymous %}{% ifequal user.id data.author_id %}
# allow user to do something
{% endifequal %}{% endif %}
The same problem arises in view code:
if request.user.is_anonymous() or (request.user.id <> data.author_id):
# deny access to template and give out error
Suggestion:
If the anonymous user had an ¨id¨ property, the additional checks would not be needed.
The value for this ¨id¨ could be ¨None¨ as not be be mistaken for a real user.
I believe that the User and Anonymoususer objects should behave as similar to each other as possible, and I believe this improves things a bit.
