Fixed #12462 - Fixed edge case with auth backends that don't support object permissions. Thanks to Florian Apolloner for catching it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
f93657218c
commit
57d7181caa
|
@ -218,22 +218,26 @@ class User(models.Model):
|
||||||
permissions = set()
|
permissions = set()
|
||||||
for backend in auth.get_backends():
|
for backend in auth.get_backends():
|
||||||
if hasattr(backend, "get_group_permissions"):
|
if hasattr(backend, "get_group_permissions"):
|
||||||
if obj is not None and backend.supports_object_permissions:
|
if obj is not None:
|
||||||
group_permissions = backend.get_group_permissions(self, obj)
|
if backend.supports_object_permissions:
|
||||||
|
permissions.update(
|
||||||
|
backend.get_group_permissions(self, obj)
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
group_permissions = backend.get_group_permissions(self)
|
permissions.update(backend.get_group_permissions(self))
|
||||||
permissions.update(group_permissions)
|
|
||||||
return permissions
|
return permissions
|
||||||
|
|
||||||
def get_all_permissions(self, obj=None):
|
def get_all_permissions(self, obj=None):
|
||||||
permissions = set()
|
permissions = set()
|
||||||
for backend in auth.get_backends():
|
for backend in auth.get_backends():
|
||||||
if hasattr(backend, "get_all_permissions"):
|
if hasattr(backend, "get_all_permissions"):
|
||||||
if obj is not None and backend.supports_object_permissions:
|
if obj is not None:
|
||||||
all_permissions = backend.get_all_permissions(self, obj)
|
if backend.supports_object_permissions:
|
||||||
|
permissions.update(
|
||||||
|
backend.get_all_permissions(self, obj)
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
all_permissions = backend.get_all_permissions(self)
|
permissions.update(backend.get_all_permissions(self))
|
||||||
permissions.update(all_permissions)
|
|
||||||
return permissions
|
return permissions
|
||||||
|
|
||||||
def has_perm(self, perm, obj=None):
|
def has_perm(self, perm, obj=None):
|
||||||
|
@ -255,8 +259,9 @@ class User(models.Model):
|
||||||
# Otherwise we need to check the backends.
|
# Otherwise we need to check the backends.
|
||||||
for backend in auth.get_backends():
|
for backend in auth.get_backends():
|
||||||
if hasattr(backend, "has_perm"):
|
if hasattr(backend, "has_perm"):
|
||||||
if obj is not None and backend.supports_object_permissions:
|
if obj is not None:
|
||||||
if backend.has_perm(self, perm, obj):
|
if (backend.supports_object_permissions and
|
||||||
|
backend.has_perm(self, perm, obj)):
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
if backend.has_perm(self, perm):
|
if backend.has_perm(self, perm):
|
||||||
|
|
|
@ -69,6 +69,21 @@ class BackendTest(TestCase):
|
||||||
self.assertEqual(user.has_perm('test'), False)
|
self.assertEqual(user.has_perm('test'), False)
|
||||||
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
|
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
|
||||||
|
|
||||||
|
def test_has_no_object_perm(self):
|
||||||
|
"""Regressiontest for #12462"""
|
||||||
|
user = User.objects.get(username='test')
|
||||||
|
content_type=ContentType.objects.get_for_model(Group)
|
||||||
|
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
||||||
|
user.user_permissions.add(perm)
|
||||||
|
user.save()
|
||||||
|
|
||||||
|
self.assertEqual(user.has_perm('auth.test', 'object'), False)
|
||||||
|
self.assertEqual(user.get_all_permissions('object'), set([]))
|
||||||
|
self.assertEqual(user.has_perm('auth.test'), True)
|
||||||
|
self.assertEqual(user.get_all_permissions(), set(['auth.test']))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class TestObj(object):
|
class TestObj(object):
|
||||||
pass
|
pass
|
||||||
|
|
Loading…
Reference in New Issue