summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaren Tracey <kmtracey@gmail.com>2011-11-12 17:23:07 +0000
committerKaren Tracey <kmtracey@gmail.com>2011-11-12 17:23:07 +0000
commitf4f61baa8c4e5213d17d99ed562186895b389952 (patch)
tree0f30888bc98b9d8c8c14b14a1e852c9a80987102
parent1aef1b20aaf73f19d0f4872a9702f41393014ec6 (diff)
Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--AUTHORS1
-rw-r--r--django/contrib/auth/models.py24
-rw-r--r--django/contrib/auth/tests/auth_backends.py2
3 files changed, 17 insertions, 10 deletions
diff --git a/AUTHORS b/AUTHORS
index b64a627d20..3f60b25de0 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
Michael Placentra II <someone@michaelplacentra2.net>
plisk
Daniel Poelzleithner <http://poelzi.org/>
+ Dan Poirier <poirier@pobox.com>
polpak@yahoo.com
Ross Poulton <ross@rossp.org>
Mihai Preda <mihai_preda@yahoo.com>
diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
index 9aeced2462..0fc18fda4d 100644
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
def _user_has_perm(user, perm, obj):
+ anon = user.is_anonymous()
+ active = user.is_active
for backend in auth.get_backends():
- if hasattr(backend, "has_perm"):
- if obj is not None:
- if backend.has_perm(user, perm, obj):
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_perm"):
+ if obj is not None:
+ if backend.has_perm(user, perm, obj):
+ return True
+ else:
+ if backend.has_perm(user, perm):
return True
- else:
- if backend.has_perm(user, perm):
- return True
return False
def _user_has_module_perms(user, app_label):
+ anon = user.is_anonymous()
+ active = user.is_active
for backend in auth.get_backends():
- if hasattr(backend, "has_module_perms"):
- if backend.has_module_perms(user, app_label):
- return True
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_module_perms"):
+ if backend.has_module_perms(user, app_label):
+ return True
return False
diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py
index afef0e7286..0337ef14f3 100644
--- a/django/contrib/auth/tests/auth_backends.py
+++ b/django/contrib/auth/tests/auth_backends.py
@@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
def test_has_perm(self):
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
- self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
+ self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
def test_has_module_perms(self):
self.assertEqual(self.user1.has_module_perms("app1"), False)