On Thu, Oct 15, 2009 at 12:24 PM, Shawn Milochik <shawn.m...@gmail.com>wrote:
> > Middleware question: > > If 100% of an apps views require a logged-in user except for the login > page, does it makes sense to have middleware check the URL and > redirect to the login page rather than putting the @login_required > decorator over all the views? > This is what I do, yeah. It's a nice way to "decorate" your site when your auth requirement isn't so fine grained. We have an AuthRequirementMiddleware that you might find useful -- though it may be just as easy to rewrite. :) It lets you specify path prefixes (in settings.py) that are exempt from the auth check. It sounds like you might want to invert that logic. Release: http://pypi.python.org/pypi/djangohelpers Forkable trunk: http://github.com/ccnmtl/djangohelpers I have to ensure that users' passwords expire, and to do that I need > to check the user's profile on each page load and redirect to the > password change page if it has. > I tried doing this within a context processor, but redirection doesn't > work from there. I was told on the IRC channel that I should be using > middleware. > > If that's the case, doesn't it makes sense to just handle the (nearly > identical) task of @login_required in the same middleware? > I'd keep them in separate middlewares for cleaner organization and futureproofing, but YMMV. egj --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
