Fixed #12462 - Fixed edge case with auth backends that don't support object permissions. Thanks to Florian Apolloner for catching it.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jannis Leidel 2009-12-30 22:12:57 +00:00
parent f93657218c
commit 57d7181caa
2 changed files with 31 additions and 11 deletions

View File

@ -218,22 +218,26 @@ class User(models.Model):
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_group_permissions"):
if obj is not None and backend.supports_object_permissions:
group_permissions = backend.get_group_permissions(self, obj)
if obj is not None:
if backend.supports_object_permissions:
permissions.update(
backend.get_group_permissions(self, obj)
)
else:
group_permissions = backend.get_group_permissions(self)
permissions.update(group_permissions)
permissions.update(backend.get_group_permissions(self))
return permissions
def get_all_permissions(self, obj=None):
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_all_permissions"):
if obj is not None and backend.supports_object_permissions:
all_permissions = backend.get_all_permissions(self, obj)
if obj is not None:
if backend.supports_object_permissions:
permissions.update(
backend.get_all_permissions(self, obj)
)
else:
all_permissions = backend.get_all_permissions(self)
permissions.update(all_permissions)
permissions.update(backend.get_all_permissions(self))
return permissions
def has_perm(self, perm, obj=None):
@ -255,9 +259,10 @@ class User(models.Model):
# Otherwise we need to check the backends.
for backend in auth.get_backends():
if hasattr(backend, "has_perm"):
if obj is not None and backend.supports_object_permissions:
if backend.has_perm(self, perm, obj):
return True
if obj is not None:
if (backend.supports_object_permissions and
backend.has_perm(self, perm, obj)):
return True
else:
if backend.has_perm(self, perm):
return True

View File

@ -69,6 +69,21 @@ class BackendTest(TestCase):
self.assertEqual(user.has_perm('test'), False)
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
def test_has_no_object_perm(self):
"""Regressiontest for #12462"""
user = User.objects.get(username='test')
content_type=ContentType.objects.get_for_model(Group)
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
user.user_permissions.add(perm)
user.save()
self.assertEqual(user.has_perm('auth.test', 'object'), False)
self.assertEqual(user.get_all_permissions('object'), set([]))
self.assertEqual(user.has_perm('auth.test'), True)
self.assertEqual(user.get_all_permissions(), set(['auth.test']))
class TestObj(object):
pass