summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-01-16 07:46:35 -0500
committerTim Graham <timograham@gmail.com>2014-01-22 13:09:44 -0500
commit8eca53f0bef783e5c11877fe18a6651543605af1 (patch)
treed7f099f866190187de6cf645c9893249e81566b4 /docs
parent4cf556db4850d922ccda4fe9529ea5aa43620b0b (diff)
[1.6.x] Fixed #20834 -- Described how caching of user permissions works.
Thanks Giggaflop and Jennifer Casavantes. Backport of 5f9790072d from master
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth/default.txt33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index 1d66da567b..40c81f2e14 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -249,6 +249,39 @@ The permission can then be assigned to a
attribute or to a :class:`~django.contrib.auth.models.Group` via its
``permissions`` attribute.
+Permission caching
+------------------
+
+The :class:`~django.contrib.auth.backends.ModelBackend` caches permissions on
+the ``User`` object after the first time they need to be fetched for a
+permissions check. This is typically fine for the request-response cycle since
+permissions are not typically checked immediately after they are added (in the
+admin, for example). If you are adding permissions and checking them immediately
+afterward, in a test or view for example, the easiest solution is to re-fetch
+the ``User`` from the database. For example::
+
+ from django.contrib.auth.models import Permission, User
+ from django.shortcuts import get_object_or_404
+
+ def user_gains_perms(request, user_id):
+ user = get_object_or_404(User, pk=user_id)
+ # any permission check will cache the current set of permissions
+ user.has_perm('myapp.change_bar')
+
+ permission = Permission.objects.get(codename='change_bar')
+ user.user_permissions.add(permission)
+
+ # Checking the cached permission set
+ user.has_perm('myapp.change_bar') # False
+
+ # Request new instance of User
+ user = get_object_or_404(User, pk=user_id)
+
+ # Permission cache is repopulated from the database
+ user.has_perm('myapp.change_bar') # True
+
+ ...
+
.. _auth-web-requests:
Authentication in Web requests