#2033 closed defect (wontfix)
is_approved
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Contrib apps | Version: | dev |
Severity: | normal | Keywords: | User model is_approved |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I strongly feel the need for an is_approved field in the User model (django.contrib.auth.models). This field would allow for user systems that require email verification, user systems that require subscriptions/payment, etc...
Checking for is_approved at login should be an option. Here are ome possible solutions, which would both allow for optional approval and backwards compatibility:
- A modified login_required decorator:
@login_required(approval=True)
- A setting in settings.py:
LOGIN_REQUIRES_APPROVAL = True
Change History (9)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Won't fix. To do this, just create a separate TemporaryUser model and save unapproved users in there. Then, when they're approved, make them official User objects.
comment:3 by , 19 years ago
I'm with Esaj in thinking is_active
is a better fit than a new field. Also a better fit than any sort of temporary model; just set things up so the user's account isn't active until they confirm it or give the secret handshake or whatever.
comment:4 by , 19 years ago
Resolution: | wontfix |
---|---|
Status: | closed → reopened |
ASP.NET's built in Membership system, which I'm sure was thoroughly thought out, has an IsAppproved (is_approved) field in addition to their IsLockedOut (is_active) field.
I'm not sure you all are seeing the difference between is_active and is_approved. An email verification system works by locking out a user until that user has verified their email address by clicking on a link. If we implement that verification view by having it turn on is_active (is_active = True) instead of using is_approved, then we can never explicitly make our users inactive, because all they would have to do to reactivate their account is click their email verification link. Thus we need to separate the two, having an is_approved field in addition to the is_active field.
comment:5 by , 19 years ago
Oh, and the problem with using a TemporaryUser object is how do you handle someone changing their email address after they've registered? What would deleting or moving the User object to TemporaryUser do to all of that User's posts (the author FK of post)?
comment:7 by , 19 years ago
Per discussion of this on the mailing list, I'm now advocating a user profile class as the best way to do this; that's the standard, built-in way to manage any addiitonal attributes you need on users.
comment:8 by , 19 years ago
Type: | enhancement → defect |
---|
Couldn't
is_active
be used for the same purpose?