# Friday, January 23, 2015¶

## Authentiation¶

A test case in Lino Così failed: Refusing permission to an anonymous request. A late side-effect of #70. This was a bit tricky to solve. The problem was about how to decide whether django.contrib.sessions needs to be installed. This decision cannot be made by get_installed_apps since it depends on user_model, which in turn depends on the result of get_installed_apps.

Added new method SITE.get_auth_method, mainly to make things more clear.

Another thing which I understood: UserProfiles, UserGroups and UserLevels are defined in lino.modlib.users.choicelists even though they used by the core also when lino.modlib.users is not installed. Why don’t I put them somewhere below lino.core? Answer: because they are choicelists, and as such they need to have an app_label. So I generalized the setup_user_profiles trick from Lino Welfare to all Lino applications.

Continued on #47 : added a new field needed to lino_welfare.modlib.uploads.models.Upload. Wrote a new demo fixture lino_welfare.modlib.uploads.fixtures.demo2.
lino_welfare.modlib.uploads.models.Upload is now a lino.mixins.DatePeriod instead of manually adding two date :class:fields for the validity period. Which means that the database :class:fields valid_from and valid_until must get migrated to start_date and end_date.
• In lino.core.layouts I renamed ListLayout to ColumnsLayout.
• And I moved the ad, dd and rt modules into a separate package lino.api. For backwards compatibility, the old names will still work for some time