Re: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-24 Thread Carlton Gibson
Hi Mehmet On Tuesday, 23 January 2018 15:05:06 UTC+1, Mehmet Dogan wrote: > > Do you think what Florian or I sent is a good example to include in the > docs for the way #1? > Yes. I was just looking for where. Candidates: *

RE: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-23 Thread Mehmet Dogan
Thanks for the response. Do you think what Florian or I sent is a good example to include in the docs for the way #1? From: Carlton Gibson Sent: Monday, January 22, 2018 2:13 AM To: Django developers (Contributions to Django itself) Subject: Re: Default Authorization BackEnd Denying Permissions

RE: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-18 Thread Mehmet Dogan
ango-developers@googlegroups.com Subject: Re: Default Authorization BackEnd Denying Permissions if ObjectProvided Hey Mehmet, If a backend relies on PermissionAuthorizationBackend, and another require the ModelOnlyPermissionAuthorizationBackend     So I think this is the point that confuses me. Why you wou

Re: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-17 Thread Mehmet Dogan
Yea :) I just figured that after a few emails. I am learning a lot! On Wed, Jan 17, 2018 at 3:39 PM Florian Apolloner wrote: > > > On Wednesday, January 17, 2018 at 9:04:30 PM UTC+1, Mehmet Dogan wrote: >> >> Although I found it very interesting at first, this looks

Re: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-17 Thread Florian Apolloner
On Wednesday, January 17, 2018 at 9:04:30 PM UTC+1, Mehmet Dogan wrote: > > Although I found it very interesting at first, this looks dangerous since > it changes how the API work for all apps installed. Example, guardian makes > calls to user.has_perm(perm) in several places to check model

Re: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-17 Thread Carlton Gibson
Hi. @Andrew: I'll look at your post anon, as it's longer. On Wednesday, 17 January 2018 20:46:27 UTC+1, Mehmet Dogan wrote: > > Can you give an example of what you mean by option 3. > Well, I don't a concrete suggestion in mind, but the general idea would be to have ModelBackend proxy to

RE: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-17 Thread Mehmet Dogan
Apolloner Sent: Wednesday, January 17, 2018 12:45 PM To: Django developers (Contributions to Django itself) Subject: Re: Default Authorization BackEnd Denying Permissions if ObjectProvided On Wednesday, January 17, 2018 at 5:48:03 PM UTC+1, Mehmet Dogan wrote: Florian, Can you clarify this part, I am

RE: Default Authorization BackEnd Denying Permissions if ObjectProvided

2018-01-17 Thread Mehmet Dogan
: Default Authorization BackEnd Denying Permissions if ObjectProvided Hi Mehmet,  Due to the BC issues, this is fairly in-depth.  Having looked at the history, here are my initial thoughts.  The initial issue here is this behaviour from `ModelBackend`: ``` user.has_perm('foo.change_bar', obj