|Reported by:||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
There area some problems with using User class and auth model. Main problem is the fact, that entity describing users is very crucial part of a whole system and should be django independent (e.g. we can change framework in the future). For now there is no way to change anything in User class in an elegant way (even add/change any fields that defines user not his profile, e.g. Social Security Number, or is this user a private person or a company).
My suggestion is to:
- create abstract class AbstractUser with fields:
username = models.CharField(_('username'), max_length=30, unique=True, help_text=_("Required. 30 characters or fewer. Alphanumeric characters only (letters, digits and underscores).")) password = models.CharField(_('password'), max_length=128, help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>.")) groups = models.ManyToManyField(Group, verbose_name=_('groups'), blank=True, help_text=_("In addition to the permissions manually assigned, this user will also get all permissions granted to each group he/she is in.")) user_permissions = models.ManyToManyField(Permission, verbose_name=_('user permissions'), blank=True)
possibly we can also add:
is_active = models.BooleanField(_('active'), default=True, help_text=_("Designates whether this user should be treated as active. Unselect this instead of deleting accounts.")) is_superuser = models.BooleanField(_('superuser status'), default=False, help_text=_("Designates that this user has all permissions without explicitly assigning them.")) last_login = models.DateTimeField(_('last login'), default=datetime.datetime.now)
Abstract users should also define all the methods connected with fields above (e.g. set_password, has_perm etc).
- If there is no AUTH_USER_MODULE in settings we create subclass of AbstractUser called User, which changes nothing (it's non-abstract version of AbstractUser). Otherwise we import class from AUTH_USER_MODULE as User (from <module> import <class> as User)
All of this changes only django.contrib.auth.models and I believe should be quite easy to accomplish.