From be12c9e9082c12e0510b88d08e735ea2af939b07 Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Thu, 26 Apr 2012 17:15:40 +0000 Subject: [PATCH] Fixed #18038 -- Removed the 'supports_inactive_user' backwards-compatibility flag. Thanks Aymeric Augustin for the initial patch and Ramiro Morales for the review. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17938 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/auth/__init__.py | 6 --- django/contrib/auth/backends.py | 1 - django/contrib/auth/models.py | 22 +++++----- django/contrib/auth/tests/__init__.py | 2 +- django/contrib/auth/tests/auth_backends.py | 51 ++-------------------- docs/topics/auth.txt | 13 +----- 6 files changed, 16 insertions(+), 79 deletions(-) diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py index 3495e16f7a..dd816ce726 100644 --- a/django/contrib/auth/__init__.py +++ b/django/contrib/auth/__init__.py @@ -1,4 +1,3 @@ -from warnings import warn from django.core.exceptions import ImproperlyConfigured from django.utils.importlib import import_module from django.contrib.auth.signals import user_logged_in, user_logged_out @@ -20,11 +19,6 @@ def load_backend(path): cls = getattr(mod, attr) except AttributeError: raise ImproperlyConfigured('Module "%s" does not define a "%s" authentication backend' % (module, attr)) - - if not hasattr(cls, 'supports_inactive_user'): - warn("Authentication backends without a `supports_inactive_user` attribute are deprecated. Please define it in %s." % cls, - DeprecationWarning) - cls.supports_inactive_user = False return cls() def get_backends(): diff --git a/django/contrib/auth/backends.py b/django/contrib/auth/backends.py index 56cdb423f1..04fbef4788 100644 --- a/django/contrib/auth/backends.py +++ b/django/contrib/auth/backends.py @@ -5,7 +5,6 @@ class ModelBackend(object): """ Authenticates against django.contrib.auth.models.User. """ - supports_inactive_user = True # TODO: Model, login attribute name and password attribute name should be # configurable. diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index 4e1584970c..042420aa8a 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -200,14 +200,13 @@ def _user_has_perm(user, perm, obj): anon = user.is_anonymous() active = user.is_active for backend in auth.get_backends(): - if anon or active or backend.supports_inactive_user: - if hasattr(backend, "has_perm"): - if obj is not None: - if backend.has_perm(user, perm, obj): - return True - else: - if backend.has_perm(user, perm): - return True + if hasattr(backend, "has_perm"): + if obj is not None: + if backend.has_perm(user, perm, obj): + return True + else: + if backend.has_perm(user, perm): + return True return False @@ -215,10 +214,9 @@ def _user_has_module_perms(user, app_label): anon = user.is_anonymous() active = user.is_active for backend in auth.get_backends(): - if anon or active or backend.supports_inactive_user: - if hasattr(backend, "has_module_perms"): - if backend.has_module_perms(user, app_label): - return True + if hasattr(backend, "has_module_perms"): + if backend.has_module_perms(user, app_label): + return True return False diff --git a/django/contrib/auth/tests/__init__.py b/django/contrib/auth/tests/__init__.py index cc619776a5..16eaa5c5b4 100644 --- a/django/contrib/auth/tests/__init__.py +++ b/django/contrib/auth/tests/__init__.py @@ -1,6 +1,6 @@ from django.contrib.auth.tests.auth_backends import (BackendTest, RowlevelBackendTest, AnonymousUserBackendTest, NoBackendsTest, - InActiveUserBackendTest, NoInActiveUserBackendTest) + InActiveUserBackendTest) from django.contrib.auth.tests.basic import BasicTestCase from django.contrib.auth.tests.context_processors import AuthContextProcessorTests from django.contrib.auth.tests.decorators import LoginRequiredTestCase diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py index 2c6e39578e..7b38acfa50 100644 --- a/django/contrib/auth/tests/auth_backends.py +++ b/django/contrib/auth/tests/auth_backends.py @@ -104,12 +104,6 @@ class TestObj(object): class SimpleRowlevelBackend(object): - supports_inactive_user = False - - # This class also supports tests for anonymous user permissions, and - # inactive user permissions via subclasses which just set the - # 'supports_anonymous_user' or 'supports_inactive_user' attribute. - def has_perm(self, user, perm, obj=None): if not obj: return # We only support row level perms @@ -196,16 +190,12 @@ class RowlevelBackendTest(TestCase): self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm'])) -class AnonymousUserBackend(SimpleRowlevelBackend): - supports_inactive_user = False - - class AnonymousUserBackendTest(TestCase): """ Tests for AnonymousUser delegating to backend. """ - backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend' + backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' def setUp(self): self.curr_auth = settings.AUTHENTICATION_BACKENDS @@ -243,20 +233,11 @@ class NoBackendsTest(TestCase): self.assertRaises(ImproperlyConfigured, self.user.has_perm, ('perm', TestObj(),)) -class InActiveUserBackend(SimpleRowlevelBackend): - supports_inactive_user = True - - -class NoInActiveUserBackend(SimpleRowlevelBackend): - supports_inactive_user = False - - class InActiveUserBackendTest(TestCase): """ - Tests for a inactive user delegating to backend if it has 'supports_inactive_user' = True + Tests for a inactive user """ - - backend = 'django.contrib.auth.tests.auth_backends.InActiveUserBackend' + backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' def setUp(self): self.curr_auth = settings.AUTHENTICATION_BACKENDS @@ -275,29 +256,3 @@ class InActiveUserBackendTest(TestCase): def test_has_module_perms(self): self.assertEqual(self.user1.has_module_perms("app1"), False) self.assertEqual(self.user1.has_module_perms("app2"), False) - - -class NoInActiveUserBackendTest(TestCase): - """ - Tests that an inactive user does not delegate to backend if it has 'supports_inactive_user' = False - """ - backend = 'django.contrib.auth.tests.auth_backends.NoInActiveUserBackend' - - def setUp(self): - self.curr_auth = settings.AUTHENTICATION_BACKENDS - settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,) - self.user1 = User.objects.create_user('test', 'test@example.com', 'test') - self.user1.is_active = False - self.user1.save() - - def tearDown(self): - settings.AUTHENTICATION_BACKENDS = self.curr_auth - - def test_has_perm(self): - self.assertEqual(self.user1.has_perm('perm', TestObj()), False) - self.assertEqual(self.user1.has_perm('inactive', TestObj()), False) - - def test_has_module_perms(self): - self.assertEqual(self.user1.has_module_perms("app1"), False) - self.assertEqual(self.user1.has_module_perms("app2"), False) - diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 18f8947d87..8690b832e2 100644 --- a/docs/topics/auth.txt +++ b/docs/topics/auth.txt @@ -1831,8 +1831,6 @@ object the first time a user authenticates:: ADMIN_PASSWORD = 'sha1$4e987$afbcf42e21bd417fb71db8c66b321e9fc33051de' """ - supports_inactive_user = False - def authenticate(self, username=None, password=None): login_valid = (settings.ADMIN_LOGIN == username) pwd_valid = check_password(password, settings.ADMIN_PASSWORD) @@ -1931,15 +1929,8 @@ The support for anonymous users in the permission system allows for anonymous users to have permissions to do something while inactive authenticated users do not. -To enable this on your own backend, you must set the class attribute -``supports_inactive_user`` to ``True``. - -A nonexisting ``supports_inactive_user`` attribute will raise a -``PendingDeprecationWarning`` if used in Django 1.3. In Django 1.4, this -warning will be updated to a ``DeprecationWarning`` which will be displayed -loudly. Additionally ``supports_inactive_user`` will be set to ``False``. -Django 1.5 will assume that every backend supports inactive users being -passed to the authorization methods. +Do not forget to test for the ``is_active`` attribute of the user in your own +backend permission methods. Handling object permissions