diff options
| author | Karen Tracey <kmtracey@gmail.com> | 2011-11-12 17:23:07 +0000 |
|---|---|---|
| committer | Karen Tracey <kmtracey@gmail.com> | 2011-11-12 17:23:07 +0000 |
| commit | f4f61baa8c4e5213d17d99ed562186895b389952 (patch) | |
| tree | 0f30888bc98b9d8c8c14b14a1e852c9a80987102 | |
| parent | 1aef1b20aaf73f19d0f4872a9702f41393014ec6 (diff) | |
Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | django/contrib/auth/models.py | 24 | ||||
| -rw-r--r-- | django/contrib/auth/tests/auth_backends.py | 2 |
3 files changed, 17 insertions, 10 deletions
@@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better: Michael Placentra II <someone@michaelplacentra2.net> plisk Daniel Poelzleithner <http://poelzi.org/> + Dan Poirier <poirier@pobox.com> polpak@yahoo.com Ross Poulton <ross@rossp.org> Mihai Preda <mihai_preda@yahoo.com> diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index 9aeced2462..0fc18fda4d 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj): def _user_has_perm(user, perm, obj): + anon = user.is_anonymous() + active = user.is_active for backend in auth.get_backends(): - if hasattr(backend, "has_perm"): - if obj is not None: - if backend.has_perm(user, perm, obj): + if anon or active or backend.supports_inactive_user: + if hasattr(backend, "has_perm"): + if obj is not None: + if backend.has_perm(user, perm, obj): + return True + else: + if backend.has_perm(user, perm): return True - else: - if backend.has_perm(user, perm): - return True return False def _user_has_module_perms(user, app_label): + anon = user.is_anonymous() + active = user.is_active for backend in auth.get_backends(): - if hasattr(backend, "has_module_perms"): - if backend.has_module_perms(user, app_label): - return True + if anon or active or backend.supports_inactive_user: + if hasattr(backend, "has_module_perms"): + if backend.has_module_perms(user, app_label): + return True return False diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py index afef0e7286..0337ef14f3 100644 --- a/django/contrib/auth/tests/auth_backends.py +++ b/django/contrib/auth/tests/auth_backends.py @@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase): def test_has_perm(self): self.assertEqual(self.user1.has_perm('perm', TestObj()), False) - self.assertEqual(self.user1.has_perm('inactive', TestObj()), True) + self.assertEqual(self.user1.has_perm('inactive', TestObj()), False) def test_has_module_perms(self): self.assertEqual(self.user1.has_module_perms("app1"), False) |
