#783 closed enhancement (fixed)
Add ¨id¨ field to anonymous user object
| Reported by: | EABinGA | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | trivial | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I am frequently needing the functionality to allow users to only update their own data and not other peoples data.
In my template I tried something like this according to the pythonic principal of least surprise:
{% ifequal user.id data.author_id %}
#allow user to do something (e.g. show an edit link)
{% endifequal %}
If the user is anonymous, this fails and shows a traceback, because the anonymous user has not have an ¨id¨ property.
Instead I must write this:
{% if not user.is_anonymous %}{% ifequal user.id data.author_id %}
# allow user to do something
{% endifequal %}{% endif %}
The same problem arises in view code:
if request.user.is_anonymous() or (request.user.id <> data.author_id):
# deny access to template and give out error
Suggestion:
If the anonymous user had an ¨id¨ property, the additional checks would not be needed.
The value for this ¨id¨ could be ¨None¨ as not be be mistaken for a real user.
I believe that the User and Anonymoususer objects should behave as similar to each other as possible, and I believe this improves things a bit.
Note:
See TracTickets
for help on using tickets.
(In [1221]) Fixed #783 -- Added AnonymousUser.id = None. Thanks, EABinGA