Author: kmtracey
Date: 2011-11-12 09:23:07 -0800 (Sat, 12 Nov 2011)
New Revision: 17084
Modified:
django/trunk/AUTHORS
django/trunk/django/contrib/auth/models.py
django/trunk/django/contrib/auth/tests/auth_backends.py
Log:
Fix #16813: Restore checking whether a backend supports inctive users before
sending inactive users in for permission checking. Thanks apollo13 for the
report and poirier for the patch.
Modified: django/trunk/AUTHORS
===================================================================
--- django/trunk/AUTHORS 2011-11-12 13:39:42 UTC (rev 17083)
+++ django/trunk/AUTHORS 2011-11-12 17:23:07 UTC (rev 17084)
@@ -408,6 +408,7 @@
Michael Placentra II <[email protected]>
plisk
Daniel Poelzleithner <http://poelzi.org/>
+ Dan Poirier <[email protected]>
[email protected]
Ross Poulton <[email protected]>
Mihai Preda <[email protected]>
Modified: django/trunk/django/contrib/auth/models.py
===================================================================
--- django/trunk/django/contrib/auth/models.py 2011-11-12 13:39:42 UTC (rev
17083)
+++ django/trunk/django/contrib/auth/models.py 2011-11-12 17:23:07 UTC (rev
17084)
@@ -142,22 +142,28 @@
def _user_has_perm(user, perm, obj):
+ anon = user.is_anonymous()
+ active = user.is_active
for backend in auth.get_backends():
- if hasattr(backend, "has_perm"):
- if obj is not None:
- if backend.has_perm(user, perm, obj):
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_perm"):
+ if obj is not None:
+ if backend.has_perm(user, perm, obj):
+ return True
+ else:
+ if backend.has_perm(user, perm):
return True
- else:
- if backend.has_perm(user, perm):
- return True
return False
def _user_has_module_perms(user, app_label):
+ anon = user.is_anonymous()
+ active = user.is_active
for backend in auth.get_backends():
- if hasattr(backend, "has_module_perms"):
- if backend.has_module_perms(user, app_label):
- return True
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_module_perms"):
+ if backend.has_module_perms(user, app_label):
+ return True
return False
Modified: django/trunk/django/contrib/auth/tests/auth_backends.py
===================================================================
--- django/trunk/django/contrib/auth/tests/auth_backends.py 2011-11-12
13:39:42 UTC (rev 17083)
+++ django/trunk/django/contrib/auth/tests/auth_backends.py 2011-11-12
17:23:07 UTC (rev 17084)
@@ -300,7 +300,7 @@
def test_has_perm(self):
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
- self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
+ self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
def test_has_module_perms(self):
self.assertEqual(self.user1.has_module_perms("app1"), False)
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
