mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-03 15:06:09 +00:00
Code Issues 30 Releases Wiki Activity

Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Karen Tracey 2011-11-12 17:23:07 +00:00
parent 1aef1b20aa
commit f4f61baa8c
3 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
Michael Placentra II <someone@michaelplacentra2.net> Michael Placentra II <someone@michaelplacentra2.net>
plisk plisk
Daniel Poelzleithner <http://poelzi.org/> Daniel Poelzleithner <http://poelzi.org/>
Dan Poirier <poirier@pobox.com>
polpak@yahoo.com polpak@yahoo.com
Ross Poulton <ross@rossp.org> Ross Poulton <ross@rossp.org>
Mihai Preda <mihai_preda@yahoo.com> Mihai Preda <mihai_preda@yahoo.com>

24
django/contrib/auth/models.py
View File

@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
def _user_has_perm(user, perm, obj): def _user_has_perm(user, perm, obj):
anon = user.is_anonymous()
active = user.is_active
for backend in auth.get_backends(): for backend in auth.get_backends():
if hasattr(backend, "has_perm"): if anon or active or backend.supports_inactive_user:
if obj is not None: if hasattr(backend, "has_perm"):
if backend.has_perm(user, perm, obj): if obj is not None:
if backend.has_perm(user, perm, obj):
return True
else:
if backend.has_perm(user, perm):
return True return True
else:
if backend.has_perm(user, perm):
return True
return False return False
def _user_has_module_perms(user, app_label): def _user_has_module_perms(user, app_label):
anon = user.is_anonymous()
active = user.is_active
for backend in auth.get_backends(): for backend in auth.get_backends():
if hasattr(backend, "has_module_perms"): if anon or active or backend.supports_inactive_user:
if backend.has_module_perms(user, app_label): if hasattr(backend, "has_module_perms"):
return True if backend.has_module_perms(user, app_label):
return True
return False return False

2
django/contrib/auth/tests/auth_backends.py
View File

@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
def test_has_perm(self): def test_has_perm(self):
self.assertEqual(self.user1.has_perm('perm', TestObj()), False) self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True) self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
def test_has_module_perms(self): def test_has_module_perms(self):
self.assertEqual(self.user1.has_module_perms("app1"), False) self.assertEqual(self.user1.has_module_perms("app1"), False)