You do not need to check is_authenticated()
. Non-authenticated users will have an AnonymousUser
object in request.user
, and that type of object should respond False
to all is_staff
checks without exception.
Is request.user.is_authenticated() necessary here?
-
21-09-2022 - |
Question
I am writing a view only for staff users.
def my_view(request):
if request.user.is_staff:
# show something to staff
else:
return my_view_404(request)
It this permission check enough? Any flaw? Or should I check request.user.is_authenticated()?
La solution
Autres conseils
No need as request.user.is_staff will check both authentication and staff status.
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow