Flimm Flimm - 6 months ago 16
Python Question

How do I disallow comments from anonymous users?

I'm using django-contrib-comments, and I'm wondering how to ban anonymous users from posting comments.

Simply not displaying the form to anonymous users is not enough, since anonymous users can still post requests to the correct URL. It is possible to work out the CSRF token and the

security_hash
token as well from previous responses, so that's not enough.

Answer

If your goal is to disallow anonymous users to post comments, you can try to override the default supplied urls. Add login_required to the post_comment view. Do this by modifying urls.py for your django project:

from django.conf.urls import url, include
from django.contrib.auth.decorators import login_required
from django_comments.views.comments import post_comment

urlpatterns = [
    ...
    # the line below will override the url supplied in django_comments.urls
    url(r'^comments/post/$', login_required(post_comment), name='comments-post-comment'),
    url(r'^comments/', include('django_comments.urls')),
    ...
]

Whenever a request is made to /comments/post/, it will use the login_required version of the view, as the pattern will be matched before the one in django_comments.urls.

Comments