diff --git a/docs/authentication.txt b/docs/authentication.txt index aa3ced3b97..eaf3cc2b99 100644 --- a/docs/authentication.txt +++ b/docs/authentication.txt @@ -53,10 +53,10 @@ Fields Set this to ``False`` instead of deleting accounts. * ``is_superuser`` -- Boolean. Designates whether this user has permission to do anything (according to the permission system). - * ``last_login`` -- A datetime of the user's last login. Is set to "now" by - default. + * ``last_login`` -- A datetime of the user's last login. Is set to the + current date/time by default. * ``date_joined`` -- A datetime designating when the account was created. - Is set to "now" by default when the account is created. + Is set to the current date/time by default when the account is created. Methods ~~~~~~~ @@ -118,7 +118,7 @@ methods: Module functions ~~~~~~~~~~~~~~~~ -The ``django.models.users`` module has the following helper functions: +The ``django.models.auth.users`` module has the following helper functions: * ``create_user(username, email, password)`` -- Creates, saves and returns a ``User``. The ``username``, ``email`` and ``password`` are set as @@ -208,12 +208,13 @@ The simple, raw way to limit access to pages is to check ``request.user.is_anonymous()`` and either redirect to a login page:: from django.utils.httpwrappers import HttpResponseRedirect + def my_view(request): if request.user.is_anonymous(): return HttpResponseRedirect('/login/?next=%s' % request.path) # ... -...or displaying an error message:: +...or display an error message:: def my_view(request): if request.user.is_anonymous(): @@ -226,13 +227,15 @@ The login_required decorator As a shortcut, you can use the convenient ``login_required`` decorator:: from django.views.decorators.auth import login_required + def my_view(request): # ... my_view = login_required(my_view) -Here's the same, using Python 2.4's decorator syntax:: +Here's the same thing, using Python 2.4's decorator syntax:: from django.views.decorators.auth import login_required + @login_required def my_view(request): # ... @@ -263,12 +266,15 @@ permission ``polls.can_vote``:: As a shortcut, you can use the convenient ``user_passes_test`` decorator:: from django.views.decorators.auth import user_passes_test + @user_passes_test(lambda u: u.has_perm('polls.can_vote')) def my_view(request): # ... ``user_passes_test`` takes a required argument: a callable that takes a ``User`` object and returns ``True`` if the user is allowed to view the page. +Note that ``user_passes_test`` does not automatically check that the ``User`` +is not anonymous.