You do not need to check is_authenticated()
. Non-authenticated users will have an AnonymousUser
object in request.user
, and that type of object should respond False
to all is_staff
checks without exception.
Is request.user.is_authenticated() necessary here?
-
21-09-2022 - |
質問
I am writing a view only for staff users.
def my_view(request):
if request.user.is_staff:
# show something to staff
else:
return my_view_404(request)
It this permission check enough? Any flaw? Or should I check request.user.is_authenticated()?
解決
他のヒント
No need as request.user.is_staff will check both authentication and staff status.
所属していません StackOverflow