diff options
| author | Russell Keith-Magee <russell@keith-magee.com> | 2006-09-30 01:21:03 +0000 |
|---|---|---|
| committer | Russell Keith-Magee <russell@keith-magee.com> | 2006-09-30 01:21:03 +0000 |
| commit | fa4bb1b0933ac5b1b266269d20f1a40808f822ab (patch) | |
| tree | 1efc3279d4f8b781b9d3f8dfba85c8538763d83b | |
| parent | 14fb13da7ef3137a6b166c77724c3d790795e212 (diff) | |
Clarified documentation to indicate that authenticating a user doesn't imply that they are active. Reinforced the fact that has_perm only returns true if user is active, and fixed a minor bug to that effect.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3885 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | django/contrib/auth/models.py | 2 | ||||
| -rw-r--r-- | docs/authentication.txt | 23 |
3 files changed, 20 insertions, 6 deletions
@@ -75,6 +75,7 @@ answer newbie questions, and generally made Django that much better: Jeremy Dunck <http://dunck.us/> Andy Dustman <farcepest@gmail.com> Clint Ecker + Enrico <rico.bl@gmail.com> favo@exoweb.net gandalf@owca.info Baishampayan Ghose diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index eb5713ba57..73bcfe92aa 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -216,6 +216,8 @@ class User(models.Model): def has_module_perms(self, app_label): "Returns True if the user has any permissions in the given app label." + if not self.is_active: + return False if self.is_superuser: return True return bool(len([p for p in self.get_all_permissions() if p[:p.index('.')] == app_label])) diff --git a/docs/authentication.txt b/docs/authentication.txt index a6ea2b7b02..dc2e7c1475 100644 --- a/docs/authentication.txt +++ b/docs/authentication.txt @@ -99,7 +99,9 @@ custom methods: should prefer using ``is_authenticated()`` to this method. * ``is_authenticated()`` -- Always returns ``True``. This is a way to - tell if the user has been authenticated. + tell if the user has been authenticated. This does not imply any + permissions, and doesn't check if the user is active - it only indicates + that the user has provided a valid username and password. * ``get_full_name()`` -- Returns the ``first_name`` plus the ``last_name``, with a space in between. @@ -120,13 +122,16 @@ custom methods: * ``has_perm(perm)`` -- Returns ``True`` if the user has the specified permission, where perm is in the format ``"package.codename"``. + If the user is inactive, this method will always return ``False``. * ``has_perms(perm_list)`` -- Returns ``True`` if the user has each of the specified permissions, where each perm is in the format - ``"package.codename"``. + ``"package.codename"``. If the user is inactive, this method will + always return ``False``. * ``has_module_perms(package_name)`` -- Returns ``True`` if the user has any permissions in the given package (the Django app label). + If the user is inactive, this method will always return ``False``. * ``get_and_delete_messages()`` -- Returns a list of ``Message`` objects in the user's queue and deletes the messages from the queue. @@ -283,7 +288,10 @@ password is invalid, ``authenticate()`` returns ``None``. Example:: from django.contrib.auth import authenticate user = authenticate(username='john', password='secret') if user is not None: - print "You provided a correct username and password!" + if user.is_active: + print "You provided a correct username and password!" + else: + print "Your account has been disabled!" else: print "Your username and password were incorrect." @@ -301,10 +309,13 @@ This example shows how you might use both ``authenticate()`` and ``login()``:: password = request.POST['password'] user = authenticate(username=username, password=password) if user is not None: - login(request, user) - # Redirect to a success page. + if user.is_active: + login(request, user) + # Redirect to a success page. + else: + # Return a 'disabled account' error message else: - # Return an error message. + # Return a 'invalid login' error message. How to log a user out --------------------- |
