Authentication documentation doesn't describe is_active very well.
|Reported by:||mtredinnick||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The documentation for the User class in the authentication docs doesn't describe the effect of the is_active flag. It could easily lead people to suspect that the flag enforces whether the person can log in, however it is just a flag and the user's code needs to check it when determining whether to grant the user access to things. Nothing in the User model or login path enforces is_active (which is a good thing), although permission checking does respect it (useful for things doing model-level permission checking).
I'm not going to fix this now, since the documentation directory is undergoing churn at the moment whilst Jacob refactors it. This should wait until after that is finished.
Change History (5)
comment:2 Changed 7 years ago by Simon Greenhill
- Has patch set
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Ready for checkin
comment:3 Changed 7 years ago by telenieko
- Has patch unset
- Triage Stage changed from Ready for checkin to Accepted
comment:4 Changed 7 years ago by mtredinnick
- Resolution set to fixed
- Status changed from new to closed