diff options
| author | Jorge C. Leitão <jorgecarleitao@gmail.com> | 2014-05-08 22:06:46 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2014-05-16 12:57:38 -0400 |
| commit | 2e364a0aacb49a5160896b1ca5a2619baa3f4d9b (patch) | |
| tree | 47ca62c7dd65ebce50477cd1325befb7a9c27876 /docs | |
| parent | ebd70d4d00c252d5122c13906da5bddc8de0bce5 (diff) | |
Fixed #15716 - Authentication backends can short-circuit authorization.
Authorization backends can now raise PermissionDenied in "has_perm"
and "has_module_perms" to short-circuit authorization process.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.8.txt | 6 | ||||
| -rw-r--r-- | docs/topics/auth/customizing.txt | 8 |
2 files changed, 13 insertions, 1 deletions
diff --git a/docs/releases/1.8.txt b/docs/releases/1.8.txt index 1c78627ecf..aa39fb2b7c 100644 --- a/docs/releases/1.8.txt +++ b/docs/releases/1.8.txt @@ -36,7 +36,11 @@ Minor features :mod:`django.contrib.auth` ^^^^^^^^^^^^^^^^^^^^^^^^^^ -* ... +* Authorization backends can now raise + :class:`~django.core.exceptions.PermissionDenied` in + :meth:`~django.contrib.auth.models.User.has_perm` + and :meth:`~django.contrib.auth.models.User.has_module_perms` + to short-circuit permission checking. :mod:`django.contrib.formtools` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt index 388ebdd1ac..8b9db396cd 100644 --- a/docs/topics/auth/customizing.txt +++ b/docs/topics/auth/customizing.txt @@ -180,6 +180,14 @@ The permissions given to the user will be the superset of all permissions returned by all backends. That is, Django grants a permission to a user that any one backend grants. +.. versionadded:: 1.8 + + If a backend raises a :class:`~django.core.exceptions.PermissionDenied` + exception in :meth:`~django.contrib.auth.models.User.has_perm()` or + :meth:`~django.contrib.auth.models.User.has_module_perms()`, + the authorization will immediately fail and Django + won't check the backends that follow. + The simple backend above could implement permissions for the magic admin fairly simply:: |
