#28588: has_perm with superusers hides non-existent permissions
-------------------------------+-----------------------------------------
Reporter: Paul Hallett | Owner: moshe nahmias
Type: Uncategorized | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------+-----------------------------------------
Changes (by Shai Berger):
* component: Uncategorized => contrib.auth
Comment:
I think we can do this in Debug mode (`settings.DEBUG = True`). Then, it
will not affect sanely-deployed sites. It won't affect testing either --
but I think it reasonable to expect that if a project has tests for its
views, they will not all use an administrative user... It will mostly
affect the developers who are testing by running `runserver` on their
local host and surfing the site with their single account.
I'm not sure doing this in Release mode is as valuable -- it would make no
difference for non-superusers, and for superusers, it can only break
something that currently work and should work (the superuser should have
the permission with the typo...).
I'm not sure if this should then count as a bug, a cleanup, or a new
feature.
--
Ticket URL: <https://code.djangoproject.com/ticket/28588#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.1f10cc9ae52e3a628eac485cccfc4ef7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
