Question

I am writing a view only for staff users.

def my_view(request):
    if request.user.is_staff:
        # show something to staff
        pass
    else:
        return my_view_404(request)

Is this permission check enough? Any flaw? Or should I check request.user.is_authenticated()?


Solution

You do not need to check is_authenticated(). Non-authenticated users will have an AnonymousUser object in request.user, and that type of object should respond False to all is_staff checks without exception.

Other tips

No need as request.user.is_staff will check both authentication and staff status.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow