Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37

AUTHORS

@@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
     Michael Placentra II <someone@michaelplacentra2.net>
     plisk
     Daniel Poelzleithner <http://poelzi.org/>
+    Dan Poirier <poirier@pobox.com>
     polpak@yahoo.com
     Ross Poulton <ross@rossp.org>
     Mihai Preda <mihai_preda@yahoo.com>

django/contrib/auth/models.py

@@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
 
 
 def _user_has_perm(user, perm, obj):
+    anon = user.is_anonymous()
+    active = user.is_active
     for backend in auth.get_backends():
-        if hasattr(backend, "has_perm"):
-            if obj is not None:
-                if backend.has_perm(user, perm, obj):
+        if anon or active or backend.supports_inactive_user:
+            if hasattr(backend, "has_perm"):
+                if obj is not None:
+                    if backend.has_perm(user, perm, obj):
+                            return True
+                else:
+                    if backend.has_perm(user, perm):
                         return True
-            else:
-                if backend.has_perm(user, perm):
-                    return True
     return False
 
 
 def _user_has_module_perms(user, app_label):
+    anon = user.is_anonymous()
+    active = user.is_active
     for backend in auth.get_backends():
-        if hasattr(backend, "has_module_perms"):
-            if backend.has_module_perms(user, app_label):
-                return True
+        if anon or active or backend.supports_inactive_user:
+            if hasattr(backend, "has_module_perms"):
+                if backend.has_module_perms(user, app_label):
+                    return True
     return False
 
 

django/contrib/auth/tests/auth_backends.py

@@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
 
     def test_has_perm(self):
         self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
-        self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
+        self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
 
     def test_has_module_perms(self):
         self.assertEqual(self.user1.has_module_perms("app1"), False)