Authentication documentation doesn't describe is_active very well.
|Reported by:||Malcolm Tredinnick||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The documentation for the User class in the authentication docs doesn't describe the effect of the
is_active flag. It could easily lead people to suspect that the flag enforces whether the person can log in, however it is just a flag and the user's code needs to check it when determining whether to grant the user access to things. Nothing in the User model or login path enforces is_active (which is a good thing), although permission checking does respect it (useful for things doing model-level permission checking).
I'm not going to fix this now, since the documentation directory is undergoing churn at the moment whilst Jacob refactors it. This should wait until after that is finished.