Mercurial > kallithea
diff development.ini @ 7694:1e83cda87899
auth: drop unused AuthUser.is_authenticated
It seems like other ways of tracking authentication state are better. AuthUser
is a *potentially* authenticated user. We prefer to keep it as that, without
modifying the AuthUser object if the user actually should be authenticated.
The primariy indicator that a user is authenticated is when the AuthUser is set
as request.authuser .
(Alternatively, we could create an AuthenticatedUser sub-class and move things
like access control checks there. That would help ensuring it is used
correctly, without having to check an is_authenticated flag.)
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Thu, 03 Jan 2019 01:22:06 +0100 |
parents | 0e3e0864f210 |
children | cbdc0c3a5406 |