Saturday, March 28, 2020

Question about Guest users and AnonymousUser best practices

I'm trying to convert an existing project to have a "guest user" experience that is very much like a logged in user with some minor differences. Does anyone have opinions, or a pointer to some guides about the best practices around this?

We already have foreign keys in a few places that point to settings.AUTH_USER_MODEL, and AnonymousUser doesn't work there.

TBH all my Django projects have required a login or a completely different experience for anonymous users, but it seems like there are lots of potential and subtle pitfalls.

Some ideas we're considering:

* class: make a new user class, GuestUser, based on AbstractBaseUser and somehow have each session create a new one of these (then expire these aggressively)
* user: have a single global guestuser that's a real user. I imagine we need middleware to make anonymous users become this automatically and without a password.
* DB: update models to have a separate foreign key or is_guest_flag to indicate a guest user (or the global guest user) and code around this.
* groups: create a batch of users in a special group and "login" anonymous sessions to one of these automatically. Works with the usual permissions nicely. Has the benefit of letting us have a limit on these, but seems like class with a lot of extra work to manage and expire these.

Leading questions:

* How to keep it simple?
* Is there a pre-made solution?
* How do we promote guest users to real users?
* Which approach breaks the least 3rd party packages?

Our current favorite is the class approach. In djangoSHOP they set is_active=False and have clearly thought through this in the context of a shopping site with extremely important guest shopping-carts (link below).

Related links:

* https://django-shop.readthedocs.io/en/latest/reference/customer-model.html
* https://simpleisbetterthancomplex.com/tutorial/2016/07/22/how-to-extend-django-user-model.html
* https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html

Thanks,
/charles

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/bd3d9b4f-e963-49a5-9d03-59388658d295%40googlegroups.com.
