diff --git a/AUTHORS b/AUTHORS index b64a627d20..3f60b25de0 100644 --- a/AUTHORS +++ b/AUTHORS @@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better: Michael Placentra II plisk Daniel Poelzleithner + Dan Poirier polpak@yahoo.com Ross Poulton Mihai Preda diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index 9aeced2462..0fc18fda4d 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj): def _user_has_perm(user, perm, obj): + anon = user.is_anonymous() + active = user.is_active for backend in auth.get_backends(): - if hasattr(backend, "has_perm"): - if obj is not None: - if backend.has_perm(user, perm, obj): + if anon or active or backend.supports_inactive_user: + if hasattr(backend, "has_perm"): + if obj is not None: + if backend.has_perm(user, perm, obj): + return True + else: + if backend.has_perm(user, perm): return True - else: - if backend.has_perm(user, perm): - return True return False def _user_has_module_perms(user, app_label): + anon = user.is_anonymous() + active = user.is_active for backend in auth.get_backends(): - if hasattr(backend, "has_module_perms"): - if backend.has_module_perms(user, app_label): - return True + if anon or active or backend.supports_inactive_user: + if hasattr(backend, "has_module_perms"): + if backend.has_module_perms(user, app_label): + return True return False diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py index afef0e7286..0337ef14f3 100644 --- a/django/contrib/auth/tests/auth_backends.py +++ b/django/contrib/auth/tests/auth_backends.py @@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase): def test_has_perm(self): self.assertEqual(self.user1.has_perm('perm', TestObj()), False) - self.assertEqual(self.user1.has_perm('inactive', TestObj()), True) + self.assertEqual(self.user1.has_perm('inactive', TestObj()), False) def test_has_module_perms(self): self.assertEqual(self.user1.has_module_perms("app1"), False)