diff options
| author | Yuri Kaszubowski Lopes <yurikazuba@gmail.com> | 2017-10-15 01:47:49 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-10-14 20:48:03 -0400 |
| commit | 325d3027dbd4fdb92a926621f2d8852f072ebcb6 (patch) | |
| tree | 1f669f05e3a3ff1c248e1bb0e39c285cda2f84fa | |
| parent | 6481795d6367fd5031b00513768d1099424d9421 (diff) | |
[2.0.x] Fixed #28713 -- Prevented ModelBackend.get_all_permissions() from mutating get_user_permissions().
Backport of d98210c25577e7f007605f4960672e887dd452e6 from master
| -rw-r--r-- | django/contrib/auth/backends.py | 3 | ||||
| -rw-r--r-- | tests/auth_tests/test_auth_backends.py | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/django/contrib/auth/backends.py b/django/contrib/auth/backends.py index 52b80f8c49..be02ac3542 100644 --- a/django/contrib/auth/backends.py +++ b/django/contrib/auth/backends.py @@ -75,7 +75,8 @@ class ModelBackend: if not user_obj.is_active or user_obj.is_anonymous or obj is not None: return set() if not hasattr(user_obj, '_perm_cache'): - user_obj._perm_cache = self.get_user_permissions(user_obj) + user_obj._perm_cache = set() + user_obj._perm_cache.update(self.get_user_permissions(user_obj)) user_obj._perm_cache.update(self.get_group_permissions(user_obj)) return user_obj._perm_cache diff --git a/tests/auth_tests/test_auth_backends.py b/tests/auth_tests/test_auth_backends.py index 744f8ad817..86d535703d 100644 --- a/tests/auth_tests/test_auth_backends.py +++ b/tests/auth_tests/test_auth_backends.py @@ -138,7 +138,7 @@ class BaseModelBackendTest: group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) - self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) + self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): @@ -164,7 +164,7 @@ class BaseModelBackendTest: group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) - self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) + self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) user.is_active = False |