On Wed, 17 Jul 2013 14:18:54 -0700 Jon Dufresne <jon.dufre...@gmail.com> wrote:
> On Wed, Jul 17, 2013 at 1:25 PM, Arnold Krille <arn...@arnoldarts.de>
> wrote:
>
> > On Wed, 17 Jul 2013 11:22:36 -0700 Jon Dufresne
> > <jon.dufre...@gmail.com> wrote:
> > The standard-way depends on your views:
> > - If it's function-based views, use the @login_required-decorator.
> > - For class-based views we use the LoginRequiredMixin from
> >   django-braces.
>
> This is a whitelist approach to the problem. That is, I must specify
> every view that requires login. As nearly 99% of my views will require
> authentication, I'd prefer to take a blacklist approach. That is, all
> views are assumed to require login, unless I annotate the views to
> not require a login. This avoids accidentally leaving views publicly
> accessible when someone forgets the login_required decorator (or CBV
> equivalent).
>
> I can achieve this with middleware (and maybe a decorator), but it
> occurred to me that others probably already do this as well. I am
> curious if there is a canonical approach or implementation that
> others use for this very purpose.

There was a thread a few days ago listing the blacklist-approach.
Still interesting that you need authentication while not needing any
authorization...

Arnold
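
The middleware-plus-decorator approach discussed in this thread, as an added example that is not code from either poster or from Django itself: every resolved view requires a login unless it is explicitly marked public. The names login_exempt and LoginRequiredByDefaultMiddleware are hypothetical, and the sketch assumes Django 1.10 or later (new-style middleware, is_authenticated as a property).

```python
# Added example: deny-by-default login enforcement for Django.
# login_exempt and LoginRequiredByDefaultMiddleware are hypothetical names.

def login_exempt(view):
    """Mark a function view or view class as public; unmarked views need a login."""
    view.login_exempt = True
    return view


class LoginRequiredByDefaultMiddleware:
    """List after AuthenticationMiddleware in MIDDLEWARE so request.user exists."""

    def __init__(self, get_response, redirect_to_login=None):
        self.get_response = get_response
        if redirect_to_login is None:
            # Imported lazily so the class can be unit-tested with a stub.
            from django.contrib.auth.views import redirect_to_login
        self.redirect_to_login = redirect_to_login

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        # Opt-out marker set on a function view, or on the class behind as_view().
        view_class = getattr(view_func, "view_class", None)
        if getattr(view_func, "login_exempt", False) or getattr(
            view_class, "login_exempt", False
        ):
            return None
        # Fail closed: a missing request.user counts as unauthenticated.
        user = getattr(request, "user", None)
        if user is not None and user.is_authenticated:
            return None
        # Returning a response here stops Django from calling the view.
        return self.redirect_to_login(request.get_full_path())
```

Mark the login view itself with login_exempt, otherwise anonymous users are redirected in a loop. Django 5.1 and later ship the same pattern as LoginRequiredMiddleware with a login_not_required decorator.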