summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorJorge C. Leitão <jorgecarleitao@gmail.com>2014-05-08 22:06:46 +0200
committerTim Graham <timograham@gmail.com>2014-05-16 12:57:38 -0400
commit2e364a0aacb49a5160896b1ca5a2619baa3f4d9b (patch)
tree47ca62c7dd65ebce50477cd1325befb7a9c27876 /docs
parentebd70d4d00c252d5122c13906da5bddc8de0bce5 (diff)
Fixed #15716 - Authentication backends can short-circuit authorization.
Authorization backends can now raise PermissionDenied in "has_perm" and "has_module_perms" to short-circuit authorization process.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.8.txt6
-rw-r--r--docs/topics/auth/customizing.txt8
2 files changed, 13 insertions, 1 deletions
diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt
index 1c78627ecf..aa39fb2b7c 100644
--- a/docs/releases/1.8.txt
+++ b/docs/releases/1.8.txt
@@ -36,7 +36,11 @@ Minor features
:mod:`django.contrib.auth`
^^^^^^^^^^^^^^^^^^^^^^^^^^
-* ...
+* Authorization backends can now raise
+ :class:`~django.core.exceptions.PermissionDenied` in
+ :meth:`~django.contrib.auth.models.User.has_perm`
+ and :meth:`~django.contrib.auth.models.User.has_module_perms`
+ to short-circuit permission checking.
:mod:`django.contrib.formtools`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt
index 388ebdd1ac..8b9db396cd 100644
--- a/docs/topics/auth/customizing.txt
+++ b/docs/topics/auth/customizing.txt
@@ -180,6 +180,14 @@ The permissions given to the user will be the superset of all permissions
returned by all backends. That is, Django grants a permission to a user that
any one backend grants.
+.. versionadded:: 1.8
+
+ If a backend raises a :class:`~django.core.exceptions.PermissionDenied`
+ exception in :meth:`~django.contrib.auth.models.User.has_perm()` or
+ :meth:`~django.contrib.auth.models.User.has_module_perms()`,
+ the authorization will immediately fail and Django
+ won't check the backends that follow.
+
The simple backend above could implement permissions for the magic admin
fairly simply::