diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index 8148d8a9928..ceab7baf122 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -218,22 +218,26 @@ class User(models.Model): permissions = set() for backend in auth.get_backends(): if hasattr(backend, "get_group_permissions"): - if obj is not None and backend.supports_object_permissions: - group_permissions = backend.get_group_permissions(self, obj) + if obj is not None: + if backend.supports_object_permissions: + permissions.update( + backend.get_group_permissions(self, obj) + ) else: - group_permissions = backend.get_group_permissions(self) - permissions.update(group_permissions) + permissions.update(backend.get_group_permissions(self)) return permissions def get_all_permissions(self, obj=None): permissions = set() for backend in auth.get_backends(): if hasattr(backend, "get_all_permissions"): - if obj is not None and backend.supports_object_permissions: - all_permissions = backend.get_all_permissions(self, obj) + if obj is not None: + if backend.supports_object_permissions: + permissions.update( + backend.get_all_permissions(self, obj) + ) else: - all_permissions = backend.get_all_permissions(self) - permissions.update(all_permissions) + permissions.update(backend.get_all_permissions(self)) return permissions def has_perm(self, perm, obj=None): @@ -255,9 +259,10 @@ class User(models.Model): # Otherwise we need to check the backends. for backend in auth.get_backends(): if hasattr(backend, "has_perm"): - if obj is not None and backend.supports_object_permissions: - if backend.has_perm(self, perm, obj): - return True + if obj is not None: + if (backend.supports_object_permissions and + backend.has_perm(self, perm, obj)): + return True else: if backend.has_perm(self, perm): return True diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py index bf5611aef0d..af15d0b03b5 100644 --- a/django/contrib/auth/tests/auth_backends.py +++ b/django/contrib/auth/tests/auth_backends.py @@ -69,6 +69,21 @@ class BackendTest(TestCase): self.assertEqual(user.has_perm('test'), False) self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False) + def test_has_no_object_perm(self): + """Regressiontest for #12462""" + user = User.objects.get(username='test') + content_type=ContentType.objects.get_for_model(Group) + perm = Permission.objects.create(name='test', content_type=content_type, codename='test') + user.user_permissions.add(perm) + user.save() + + self.assertEqual(user.has_perm('auth.test', 'object'), False) + self.assertEqual(user.get_all_permissions('object'), set([])) + self.assertEqual(user.has_perm('auth.test'), True) + self.assertEqual(user.get_all_permissions(), set(['auth.test'])) + + + class TestObj(object): pass