Hi Tom, On 02/23/2012 08:41 AM, Tom Evans wrote: > I don't like this function that much. It doesn't actually check > whether users are authenticated - which is to say, they have presented > credentials which we have accepted and authorized them to use to the > site. Instead it always returns true. is_not_anonymous_user() may be a > better name. > > User.is_authenticated() is documented like so: > > """ > is_authenticated() > Always returns True. This is a way to tell if the user has been > authenticated. This does not imply any permissions, and doesn't check > if the user is active - it only indicates that the user has provided a > valid username and password. > """" > > This is misleading, as it doesn't actually indicate that the user has > provided a valid username and password, since it always returns True. [snip] > Obviously, this function cannot change in behaviour or name, so I > suggest altering the docs, dropping the clause about indicating that > the user has provided username and password to make it clearer what > this method does.
I agree with you on all counts: the method is poorly named, it can't be changed now (and is not worth a deprecation process), but the docs should be less misleading. Can you file a ticket for this? Carl
signature.asc
Description: OpenPGP digital signature
