--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/065eb9a5-d935-466d-a301-d7de87e6fbb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0c20c042-cc34-4707-a3e0-eed3ce2cf83d%40googlegroups.com.
Wouldn't that be better placed in a linter library (such as django_linter)?
The syntax is right, it really does what it describes, but it may
be wrongly understood, so the syntax could be pointed out as
possible cause of bug, but the behaviour we have now seems totally
logic and the change would probably have side effects on many
projects.
I'm not using specific linters other than the one included in PyCharm, but it would probably be a good idea, when you write "if request.user:" to have it propose to rewrite it as "if request.user.is_authenticated:" if it's what we meant.
-- Brice
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/065eb9a5-d935-466d-a301-d7de87e6fbb0%40googlegroups.com.
You received this message because you are subscribed to a topic in the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-developers/rGWdttZO06g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ba96fd99-43ce-2a0b-b79f-eed955bc7be8%40brice.xyz.
On the other hand, maybe it's a good idea to report a warning in the __bool__ method? In most cases, bool(AnonymousUser) is a programming error, and not a valid code, so this might be helpful.
In my mental model, the request either was sent by a user (that has a User object) or not (and in this case it should be None, or at least something that works like None). However, looks like the majority of you have a different model, so I'm not going to press for that.
On the other hand, maybe it's a good idea to report a warning in the __bool__ method? In most cases, bool(AnonymousUser) is a programming error, and not a valid code, so this might be helpful.
We could make it a warning forever, or use RemovedInDjango30Warning, and then switch to return False OR an exception in 3.0.
Linus
On Thu, Jun 1, 2017 at 9:34 AM Brice PARENT <con...@brice.xyz> wrote:
Wouldn't that be better placed in a linter library (such as django_linter)? The syntax is right, it really does what it describes, but it may be wrongly understood, so the syntax could be pointed out as possible cause of bug, but the behaviour we have now seems totally logic and the change would probably have side effects on many projects.
I'm not using specific linters other than the one included in PyCharm, but it would probably be a good idea, when you write "if request.user:" to have it propose to rewrite it as "if request.user.is_authenticated:" if it's what we meant.
-- Brice
Le 31/05/17 à 18:44, li...@lew21.net a écrit :
--I suggest adding __bool__() method returning False to the AnonymousUser class.
This way it'll be possible to check if the user is authenticated by simply writing "if request.user:"
It's a frequent source of bugs (at least for me, but probably I'm not alone) that right now this code returns True for anonymous users. If unnoticed, such bugs can also lead to security issues.
Related ticket: https://code.djangoproject.com/ticket/28259
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/065eb9a5-d935-466d-a301-d7de87e6fbb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-developers/rGWdttZO06g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ba96fd99-43ce-2a0b-b79f-eed955bc7be8%40brice.xyz.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscribe@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAB96mebXAH5SLN3p2wDCtvQs4POVD6Xrh-NHOLVM31Q%3DUvX_NQ%40mail.gmail.com.
bool(AnonymousUser) is very pythonic, not a "programming error". The rules for python's truthy/falsey are mostly "empty string, 0 (int/float/fraction...), False and None are falsey, the rest are truthy". Making AnonymousUser anything other than truthy just seems wrong to me.