Opened 7 years ago
Closed 7 years ago
#28302 closed Cleanup/optimization (duplicate)
Separate authorisation from authentication
| Reported by: | Luc Saffre | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 1.11 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
With the AUTH_USER_MODEL setting, Django has opened the door for specifying a custom User model. Now it is only a little step to make it possible to use Django's authentication system without also using the authorization and permissions system. We just need to make sure that the functions defined in the auth.init.py file don't import the auth.models.py file. This is necessary because Django does not allow importing a models module of an app which is not installed.
This is what pull request 8635 does. The changes in this PR are rather minimal and don't affect Django itself. We ran the Django test suite as described in Writing your first patch for Django in order to verify this. Summary of our changes:
1) in file django/contrib/auth/base_user.py we define a class method on the AbstractUser model:
@classmethod
def get_anonymous_user(cls):
"""Return an instance of AnonymousUser. Alternative implementations
for AUTH_USER_MODEL may override this to use an alternative
AnonymousUser class or add custom initialization.
"""
return AnonymousUser()
2) In three places we changed Django to call this class method instead of instantiating AnonymousUser itself.
BEFORE:
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
AFTER:
from django.contrib.auth import get_user_model
request.user = get_user_model().get_anonymous_user()
As a side effect this PR also provides a fix for #20313. Instead of introducing a new setting ANONYMOUS_USER_MODEL, we prefer to define a class method on the AbstractUser model.
This PR might also be an answer to #26401 (Allow auth machinery to be used without installing auth app)
Some of our applications application cannot yet migrate to Python 3 due to third-party dependencies. So for us it would be important that these changes could be visible to the latest 1.x branch as well.
Change History (1)
comment:1 by , 7 years ago
| Component: | Uncategorized → contrib.auth |
|---|---|
| Resolution: | → duplicate |
| Status: | new → closed |
| Type: | Uncategorized → Cleanup/optimization |
I'd consider this a duplicate of #20313. I closed the PR to stable/1.11.x as this type of change doesn't qualify for a backport per our supported versions policy. Feel free to send a pull request to master -- tests and documentation also required.