If you ask me this just points out to some point i mentioned in the
original Custom UserModel Thread. I'm trying to reframe it again.
I think the current django.contrib.auth *app* somehow behaves like some
mixture of
django.core._mixins_everyone_should_use_to_make_apps_interoperability and
contrib.auth
As Ross pointed out in this original thread: it is usefull that everyone
uses the AbstractBaseUser - and i'm interpreting now - *because it would be
better for interoperability and security*
I think its possible and not bad designed at all to have this kinda stuff
as core material.
So - most apps use authorization features as .*has_perm()* or .*
is_superuser*...
If decoupling it into clear interfaces this could make custom development
much easier without loosing interoperability. i would suggest there
shouldn't be a default user attributes like .*is_superuser* because thats
very restrictive and nasty to workaround. And its clearly an authorization
and no authentication feature.
So why not having it somehow like this? (pythonic pseudocode)
core.mixins.authentication:
*AuthModelMixin*:
-abstract-
*UniqueIdentifier*
*get_authentication_id*(): return UniqueIdentifier
*get_long_name*(): return UniqueIdentifier
*get_short_name*(): return UniqueIdentifier
*DjangoAuthModelMixin*(AuthModelMixin):
-abstract-
*UniqueIdentifier*
*password*
*last_login* #(for password reset token etc.)
*check_password*() ..
*set_password*()...
core.mixins.personalyzation:
*PersonalDataModelMixin*:
-abstract-
*first_name*
*last_name*
*get_long_name*(): return first_name+last_name
*get_short_name*(): return first_name
core.mixins.authorization
*PermissionModelMixin*:
IS_SUPERUSER = "not_as_an_user_attribute_necessarily__is_superuser"
IS_STAFF = "not_as_an_user_attribute_necessarily__is_staff"
-abstractmethod-
*has_perm*():
# or maybe even as property for backwards compatibility
*is_staff*():return False
*is_superuser*(): return False
*DjangoPermissionModelMixin*(PermissionMixin):
*has_perm*(permission): return self.is_superuser() or
self._check_for_permission(permission)
*_check_for_permission*(permission):
if permission == IS_STAFF:
return self.is_staff()
else:
super(django1.5a.contrib.auth.User,self).has_perm(permission)
and contrib.auth:
*User*(Mixina,b,c,d):
*date_joined*
.....
Didn't think abt every detail - just ment to point out what i would suggest
to possibly fit all needs.
Best regards and sry for this *little* novel
ludwig
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-developers/-/36x8Ecpj9scJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
