You can't use AnonymousUser in the database API
|Reported by:||teolicy||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
There's an ancient ticket (#3413) with the same title, where the person opening the ticket probably failed to realize that you can't use AnonymousUser with the ORM and didn't duly check is_authenticated() before using request.user (or whatever).
I do understand the difference between User and AnonymousUser, and understand the latter can't be used with the ORM, but I think this is poor behaviour which may need correction (though breaking backwards compatibility could be a very good reason not to fix this). I think it's tedious and error prone to check for is_authenticated() all the time, and I had more than one bug where I was bit by request.user not having get_full_name() or .pk or plainly not being searchable as SomeModel.objects.filter(owner=request.user).exists() or so.
I think the best solution would be for AnonymousUser to be 100% compatible with the ORM, and I think the sanest way to get there would be to make it possible to create a User object with reasonable values. Backwards compatibility could be achieved with a setting like AUTH_NEW_STYLE_ANONYMOUS=True, syncdb() could create the record in the database.
I'd love to hear your comments, I'm thinking about implementing this as a (very small) external project if this will be rejected, so in addition to knowing whether this is a good idea for django, I'd appreciate your thoughts about whether this is a good idea at all.