On Wed, Jul 17, 2013 at 1:25 PM, Arnold Krille <arn...@arnoldarts.de> wrote:
> On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne > <jon.dufre...@gmail.com> wrote:The standard-way depende on your views: > - If its function-based views, use the @login_required-decorator. > - For class-based views we use the LoginRequiredMixin from > django-braces. > Thanks. This is a whitelist approach to the problem. That is, I must specify every view that requires login. As nearly 99% of my views will require authentication, I'd prefer to take a blacklist approach. That is, all views are assumed to require login, unless I annotate the views to not require a login. This avoids accidentally leaving views publicly accessible when someone forgets the login_required decorator (or CBV equivalent). I can achieve this with middleware (and maybe a decorator), but it occurred to me that others probably already do this as well. I am curious if there is a canonical approach or implementation that others use for this very purpose. Thanks, Jon -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
