Hi Russel,

As I said, in my tests an inactive user with staff status could log
into the admin, but had no permissions even if he's a superuser.

I think he shouldn't be able to log in at all, instead of logging in
and being able to do nothing.

In the admin, he can't see anything, but in other parts of the project
he'll be able to log in. If I use is_authenticated() to show/hide
private content, an inactive user would be able to see this content,
and that doesn't feel right. The user should be treated almost as
'deleted'.

The is_staff and is_active descriptions in the docs look very similar.

Maybe it should be clarified that is_staff is only Django admin related,
and is_active is related to the entire Django Auth, not only admin.

Just my thoughts, hope I'm not being picky with this.

Best Regards.
Enrico
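
The gap described in the message above, as an added example that is not part of the original post and is not Django's own code: a gate that checks only `is_authenticated()` admits an inactive superuser, while one that also checks `is_active` refuses. `StubUser`, `StubRequest`, `AccessDenied`, `require_flags` and the view names are hypothetical stand-ins constructed for this sketch so it runs without Django.

```python
from dataclasses import dataclass
from functools import wraps

class AccessDenied(Exception):
    """Raised by the hypothetical gate instead of an HTTP redirect."""

@dataclass
class StubUser:
    # Constructed stand-in for an auth user; only the flags the post discusses.
    username: str
    is_active: bool = True
    is_superuser: bool = False

    def is_authenticated(self):
        # As in the post: true for any logged-in user, whatever is_active says.
        return True

@dataclass
class StubRequest:
    user: StubUser

def _flag(user, name):
    # Accept both a method (the post's is_authenticated()) and a plain attribute.
    value = getattr(user, name, False)
    return bool(value() if callable(value) else value)

def require_flags(*names):
    """Build a view decorator that refuses unless every named flag is true."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            missing = [n for n in names if not _flag(request.user, n)]
            if missing:
                raise AccessDenied(", ".join(missing))
            return view(request, *args, **kwargs)
        return wrapper
    return decorator

def private_content(request):
    return f"private data for {request.user.username}"

# Gate as described in the post: authentication only.
weak_view = require_flags("is_authenticated")(private_content)
# Gate that treats an inactive account as unusable everywhere.
strict_view = require_flags("is_authenticated", "is_active")(private_content)
```
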

