Re: Need some feedback for a fix for #14249

2010-12-13 Thread Harro 
Shameless bump to get some attention for 1.3 :)

Would be really nice to have this for 1.3 as it puts us one step
closer to making the User model replacable !

I think it might be a good idea to move all the checks to the
authentication backend so it works consistently for User.has_perm,
User.has_perms and User.has_module_perms; They all leave the checking
of is_active and is_superuser to the backend.

Then the question becomes if the model backend should use the current
behaviour or should be "fixed" to always return the same expected
result:
get_all_permissions returns all permissions for superusers and no
permissions for in_active users.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-develop...@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Need some feedback for a fix for #14249

2010-11-23 Thread Harro 
I have a patch for #14249 [1], but I ran into a problem with inactive
superusers.

Right now the active check is done before the superuser check. If we
move the inactive check to the authentication backend, the superuser
check get's executed before the is_active check, resulting in
in_active superusers having all permissions while before they had
none.

I could fix this one of two ways:

1. Add an extra check in the user class where I check for is_active
and is_superuser before returning True.
2. Move the superuser check to the backend too

The first is a quick fix that will make everything work as it should.

The second is a much more consistent option, as you can then also make
it so get_all_permissions and get_module_permissions return the right
permissions for the superuser. On the other hand, this changes the way
the system works for a superuser.

What are your thoughts?

[1] http://code.djangoproject.com/ticket/14249

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-develop...@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.