Authentication documentation doesn't describe is_active very well.
The documentation for the User class in the authentication docs doesn't describe the effect of the is_active
flag. It could easily lead people to suspect that the flag enforces whether the person can log in, however it is just a flag and the user's code needs to check it when determining whether to grant the user access to things. Nothing in the User model or login path enforces is_active (which is a good thing), although permission checking does respect it (useful for things doing model-level permission checking).
I'm not going to fix this now, since the documentation directory is undergoing churn at the moment whilst Jacob refactors it. This should wait until after that is finished.
Change History
(5)
Has patch: |
set
|
Triage Stage: |
Unreviewed → Ready for checkin
|
Has patch: |
unset
|
Triage Stage: |
Ready for checkin → Accepted
|
Resolution: |
→ fixed
|
Status: |
new → closed
|
(In [7414]) Updated the inline help text for User.is_active.
Fixed #6881. Refs #7011.