Permission of unlogged users.

Board » Django Standard Library » Authentication » Permission of unlogged users.

Posted by ezzetabi . Posts 3 Registered at 2010-11-18 08:56:19	2010-11-18 09:03:11 - Permission of unlogged users.
	Please visit the fossil website: http://fossil-scm.org , overall the Login section. Fossil sites use two kind of anon users: nobody and anonymous. An anonymous is a user that logged in using a Captcha as password and a the special username `anonymous'. Nobody instead is any non-logged user. This is useful to show a different site to spiders (nobody) and interested humans (anonymous) without forcing registration. The administrator can configure the permission of those two special users exactly as all others. So, my question is: is it possible to implement something similar in django? Thanks
Posted by Herbert Poul Posts 189 Registered at 2008-10-11 13:03:33	2010-11-18 09:13:09 - Re: Permission of unlogged users.
	sure.. simply create an anonymous user and a custom login dialog with such a capture.. when the user enters 'anonymous' check the capture and log the user into the auth system programmatically there are basically two ways to do log the user in .. the bit more ugly method would be to create a predefined password (like 'xxx') and use that in your code if the captcha works.. something like: from django.contrib.auth import authenticate, login user = authenticate(username=username, password='xxx') if user is not None: if user.is_active: login(request, user) # Redirect to a success page. else: # Return a 'disabled account' error message the second way (which is obviously much nicer) would be to create your own authentication manager which only handles the 'anonymous' user .. and checks if the given password is the captcha which was presented to the user.. check the documentation on how to log a user in and how to create your own authentication backend. hope that helps.. SCT - http://sct.sphene.net This answers the question. (Voted by 1 users including the author of the question.)
Posted by ezzetabi . Posts 3 Registered at 2010-11-18 08:56:19	2010-11-18 09:26:59 - Re: Permission of unlogged users.
	Thanks, it does help a lot. I missed that bit in the documentation. But, as far as I understood there is not way to treat `nobody' as a normal user: I can only use is_anonymous() instead of the usual @permission_required. Right? (nobody is meant as any unlogged user)
Posted by Herbert Poul Posts 189 Registered at 2008-10-11 13:03:33	2010-11-18 09:36:52 - Re: Permission of unlogged users.
	well.. no, nobody users can't have any permissions.. so you can't user @permission_required why do you need permissions for nobody users? simply don't check for any permissions SCT - http://sct.sphene.net
Posted by ezzetabi . Posts 3 Registered at 2010-11-18 08:56:19	2010-11-18 15:12:05 - Re: Permission of unlogged users.
	Well, the advantage to have an explicit nobody user is that you can easily configure a public or a private site just changing the nobody permissions. Want a private site where only registered user can do anything? Just set nobody as permitted of nothing. Want a limited access? Just configure nobody consequently. I found it smart and effective, just the python way. Anyhow, thanks.