#15716: in authorization backends, has_perm() should return None if it doesn't
know about a permission
---------------------------+---------------------------
 Reporter:  Kronuz         |         Owner:  nobody
   Status:  new            |     Milestone:
Component:  Uncategorized  |       Version:  1.2
 Keywords:                 |  Triage Stage:  Unreviewed
Has patch:  0              |
---------------------------+---------------------------
 For authorization backends, has_perm() should return True if the
 authorization is granted, False if it's not, and None if it doesn't know
 about a certain permission.

 Reading Django's source code, I see that if has_perm(), in the backends,
 returns False, it keeps trying other backends for a successful
 authorization (i.e. for any other has_perm() in any other backends
 returning True).

 I was thinking, shouldn't a has_perm() returning False be a definitive
 "False" (as in no permission or permission denied and stop trying?) My
 take would be perhaps has_perm() returning None in case the backend simply
 doesn't know about the asked permission, so only then Django keeps on
 trying in other backends, but if has_perm() otherwise returns False, it
 should always mean an absolute Permission Denied.

 This would allow cases where several authorization backends are set up and
 some backends handle explicit permission denied rules.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15716>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
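
Added example, not part of the ticket and not Django's code: a stand-alone model of the two resolution rules the ticket compares, showing how an explicit deny is overridden under the first rule and honoured under the second. The backend classes, resolver functions, user and permission names are all hypothetical and the sample data is constructed.

```python
class DenyRules:
    """Hypothetical backend with explicit deny rules; None = no opinion."""
    def __init__(self, denied):
        self.denied = set(denied)

    def has_perm(self, user, perm):
        return False if (user, perm) in self.denied else None


class GrantRules:
    """Hypothetical backend with explicit grants; None = no opinion."""
    def __init__(self, granted):
        self.granted = set(granted)

    def has_perm(self, user, perm):
        return True if (user, perm) in self.granted else None


def resolve_any_true(backends, user, perm):
    """Rule described in the ticket: a False answer does not stop the search."""
    for backend in backends:
        if backend.has_perm(user, perm):
            return True
    return False


def resolve_tristate(backends, user, perm):
    """Proposed rule: None asks the next backend, True/False is final."""
    for backend in backends:
        answer = backend.has_perm(user, perm)
        if answer is not None:
            return bool(answer)
    return False  # no backend knew the permission: default deny


# Constructed sample: the deny backend is listed first, then the grant backend.
BACKENDS = [
    DenyRules({("alice", "docs.delete")}),
    GrantRules({("alice", "docs.delete"), ("alice", "docs.view")}),
]

if __name__ == "__main__":
    for perm in ("docs.view", "docs.delete", "docs.purge"):
        print(perm,
              resolve_any_true(BACKENDS, "alice", perm),
              resolve_tristate(BACKENDS, "alice", perm))
```

Under the tri-state rule the first non-None answer wins, so a deny backend only takes effect if it is listed before any backend that grants the same permission.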
