Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Karen Tracey 2011-11-12 17:23:07 +00:00
parent 1aef1b20aa
commit f4f61baa8c
3 changed files with 17 additions and 10 deletions

View File

@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
Michael Placentra II <someone@michaelplacentra2.net> Michael Placentra II <someone@michaelplacentra2.net>
plisk plisk
Daniel Poelzleithner <http://poelzi.org/> Daniel Poelzleithner <http://poelzi.org/>
Dan Poirier <poirier@pobox.com>
polpak@yahoo.com polpak@yahoo.com
Ross Poulton <ross@rossp.org> Ross Poulton <ross@rossp.org>
Mihai Preda <mihai_preda@yahoo.com> Mihai Preda <mihai_preda@yahoo.com>

View File

@ -142,7 +142,10 @@ def _user_get_all_permissions(user, obj):
def _user_has_perm(user, perm, obj): def _user_has_perm(user, perm, obj):
anon = user.is_anonymous()
active = user.is_active
for backend in auth.get_backends(): for backend in auth.get_backends():
if anon or active or backend.supports_inactive_user:
if hasattr(backend, "has_perm"): if hasattr(backend, "has_perm"):
if obj is not None: if obj is not None:
if backend.has_perm(user, perm, obj): if backend.has_perm(user, perm, obj):
@ -154,7 +157,10 @@ def _user_has_perm(user, perm, obj):
def _user_has_module_perms(user, app_label): def _user_has_module_perms(user, app_label):
anon = user.is_anonymous()
active = user.is_active
for backend in auth.get_backends(): for backend in auth.get_backends():
if anon or active or backend.supports_inactive_user:
if hasattr(backend, "has_module_perms"): if hasattr(backend, "has_module_perms"):
if backend.has_module_perms(user, app_label): if backend.has_module_perms(user, app_label):
return True return True

View File

@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
def test_has_perm(self): def test_has_perm(self):
self.assertEqual(self.user1.has_perm('perm', TestObj()), False) self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True) self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
def test_has_module_perms(self): def test_has_module_perms(self):
self.assertEqual(self.user1.has_module_perms("app1"), False) self.assertEqual(self.user1.has_module_perms("app1"), False)