mirror of
https://github.com/django/django.git
synced 2024-12-23 17:46:27 +00:00
Fixed #12729 -- Replaced a hard-coded SQL statement with an ORM query so that the contrib.auth ModelBackend will work on a routed multi-db setup. Thanks to dhageman for the report.
Historical note: The SQL that was removed predates Django being open sourced. git-svn-id: http://code.djangoproject.com/svn/django/trunk@12509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
7ca3e8fecf
commit
6b2f125b80
@ -4,7 +4,7 @@ except NameError:
|
|||||||
from sets import Set as set # Python 2.3 fallback
|
from sets import Set as set # Python 2.3 fallback
|
||||||
|
|
||||||
from django.db import connection
|
from django.db import connection
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User, Permission
|
||||||
|
|
||||||
|
|
||||||
class ModelBackend(object):
|
class ModelBackend(object):
|
||||||
@ -30,32 +30,10 @@ class ModelBackend(object):
|
|||||||
groups.
|
groups.
|
||||||
"""
|
"""
|
||||||
if not hasattr(user_obj, '_group_perm_cache'):
|
if not hasattr(user_obj, '_group_perm_cache'):
|
||||||
cursor = connection.cursor()
|
perms = Permission.objects.filter(group__user=user_obj
|
||||||
# The SQL below works out to the following, after DB quoting:
|
).values_list('content_type__app_label', 'codename'
|
||||||
# cursor.execute("""
|
).order_by()
|
||||||
# SELECT ct."app_label", p."codename"
|
user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
|
||||||
# FROM "auth_permission" p, "auth_group_permissions" gp, "auth_user_groups" ug, "django_content_type" ct
|
|
||||||
# WHERE p."id" = gp."permission_id"
|
|
||||||
# AND gp."group_id" = ug."group_id"
|
|
||||||
# AND ct."id" = p."content_type_id"
|
|
||||||
# AND ug."user_id" = %s, [self.id])
|
|
||||||
qn = connection.ops.quote_name
|
|
||||||
sql = """
|
|
||||||
SELECT ct.%s, p.%s
|
|
||||||
FROM %s p, %s gp, %s ug, %s ct
|
|
||||||
WHERE p.%s = gp.%s
|
|
||||||
AND gp.%s = ug.%s
|
|
||||||
AND ct.%s = p.%s
|
|
||||||
AND ug.%s = %%s""" % (
|
|
||||||
qn('app_label'), qn('codename'),
|
|
||||||
qn('auth_permission'), qn('auth_group_permissions'),
|
|
||||||
qn('auth_user_groups'), qn('django_content_type'),
|
|
||||||
qn('id'), qn('permission_id'),
|
|
||||||
qn('group_id'), qn('group_id'),
|
|
||||||
qn('id'), qn('content_type_id'),
|
|
||||||
qn('user_id'),)
|
|
||||||
cursor.execute(sql, [user_obj.id])
|
|
||||||
user_obj._group_perm_cache = set(["%s.%s" % (row[0], row[1]) for row in cursor.fetchall()])
|
|
||||||
return user_obj._group_perm_cache
|
return user_obj._group_perm_cache
|
||||||
|
|
||||||
def get_all_permissions(self, user_obj):
|
def get_all_permissions(self, user_obj):
|
||||||
|
Loading…
Reference in New Issue
Block a user