If we use Django's
AuthenticationMiddleware [Django-doc], then the
HttpRequests that are passed to the view have an attribute
.user that we can use to obtain the logged in user, or the
AnonymousUser in case there is no logged in user for that request.
Often people make queries to obtain the user object, for example with:
from django.contrib.auth.models import User def my_view(request): user = User.objects.get(username=request.user) # …
Why is it a problem?
It is unnecessary. The
request.user is a user model object. It thus has all the attributes the user model has. By querying the database for the user with the given username, we make an extra query, so now we query twice to obtain user details instead of once.
Another problem with this is that we make the views less flexible. Indeed, we here import the user model, if we later decide to use another user model, then we need to rewrite the views. If we would use
get_user_model(…) then it is still not very flexible, since we here make the assumption that the user model will have a
username, and that calling
str(…) on the user model will return that username. If we thus would migrate to a user model that has only an email address, then we will still have to update the views.
What can be done to resolve the problem?
request.user [Django-doc] directly. This is an object of the actively used user model, so Django's
User model by default. It means we do not have to worry about the user model, or how it is linked to the session.
def my_view(request): user = request.user # …
It is possible that sometimes we want to update the user model with the values stored in the database. Using an explicit query however is not very flexible for the reasons explained above. In that case we can use the
.refresh_from_db(…) method [Django-doc] to refresh the data in the
request.user object with values from the database:
def my_view(request): user = request.user # … # we want to retrieve the (updated) values from the database user.refresh_from_db() # …