Hi,
On Monday, October 2, 2017 at 2:24:31 PM UTC+2, moshe nahmias wrote:
>
> If yes I think I have a good solution, I will return on the check if perm
> in Permission.all()
>
Where exactly do you propose to do that? Here:
Thanks for the corrections and input.
If I will keep the check and return False if the permission doesn't exist,
will it be OK?
If yes I think I have a good solution, I will return on the check if perm
in Permission.all()
So instead of:
return True
we will have:
return perm in
Hi,
On Friday, September 29, 2017 at 7:00:41 PM UTC+2, moshe nahmias wrote:
>
> 3. Return False if the permission doesn't exist means that we go through
> the same path as a regular user, since (at least on
> auth.backends.ModelBackend) we check already if the user is superuser and
> if so we
Florian, now the implementation is if the backend doesn't implement the
has_perm we use continue so the code is not checked at all and return False
for a regular user.
The solutions suggested here are logging, raise an error on DEBUG = True
and return False if the permission doesn't exist (if I
Can we define a new API on the permission backend, "verify_permission_exists()"
or some such, and just call it if settings.DEBUG and it is provided? That
doesn't seem very complex to me, and doesn't necessarily imply a huge
performance hit (even in DEBUG).
On Thursday 28 September 2017
I suppose we can tentatively accept the ticket, but I looked at the code
briefly and agree with Florian's assessment. If someone proposes a patch,
we can evaluate it, however, I don't see a simple way forward that wouldn't
have a security risk or an adverse effect on performance. Given the
On 09/25/2017 08:56 PM, Dan Watson wrote:
Seems like maybe it would be more helpful if has_perm logged a note
about the permission not existing (probably only in debug), rather than
just returning False. In fact, I'd argue it should still return True --
if the permission did exist, the
I agree with Shai's comment on the ticket, changing it to raise a
DoesNotExist when DEBUG=True. I think it's an acceptable compromise between
backwards compat and helping find bugs.
On 25 September 2017 at 11:56, Dan Watson wrote:
> Seems like maybe it would be more helpful
Seems like maybe it would be more helpful if has_perm logged a note about
the permission not existing (probably only in debug), rather than just
returning False. In fact, I'd argue it should still return True -- if the
permission did exist, the superuser would have it. And there's a
Hi,
I am a python developer and like to use Django for web development.
Since I like the framework I want to contribute back, so I looked at the
open tickets to find something I can start with contributing and found
ticket 28588.
This ticket is about when checking if the user has permission for
10 matches
Mail list logo