mirror of https://github.com/django/django.git
Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
1aef1b20aa
commit
f4f61baa8c
1
AUTHORS
1
AUTHORS
|
@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
|
|||
Michael Placentra II <someone@michaelplacentra2.net>
|
||||
plisk
|
||||
Daniel Poelzleithner <http://poelzi.org/>
|
||||
Dan Poirier <poirier@pobox.com>
|
||||
polpak@yahoo.com
|
||||
Ross Poulton <ross@rossp.org>
|
||||
Mihai Preda <mihai_preda@yahoo.com>
|
||||
|
|
|
@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
|
|||
|
||||
|
||||
def _user_has_perm(user, perm, obj):
|
||||
anon = user.is_anonymous()
|
||||
active = user.is_active
|
||||
for backend in auth.get_backends():
|
||||
if hasattr(backend, "has_perm"):
|
||||
if obj is not None:
|
||||
if backend.has_perm(user, perm, obj):
|
||||
if anon or active or backend.supports_inactive_user:
|
||||
if hasattr(backend, "has_perm"):
|
||||
if obj is not None:
|
||||
if backend.has_perm(user, perm, obj):
|
||||
return True
|
||||
else:
|
||||
if backend.has_perm(user, perm):
|
||||
return True
|
||||
else:
|
||||
if backend.has_perm(user, perm):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def _user_has_module_perms(user, app_label):
|
||||
anon = user.is_anonymous()
|
||||
active = user.is_active
|
||||
for backend in auth.get_backends():
|
||||
if hasattr(backend, "has_module_perms"):
|
||||
if backend.has_module_perms(user, app_label):
|
||||
return True
|
||||
if anon or active or backend.supports_inactive_user:
|
||||
if hasattr(backend, "has_module_perms"):
|
||||
if backend.has_module_perms(user, app_label):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
|
|
|
@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
|
|||
|
||||
def test_has_perm(self):
|
||||
self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
|
||||
self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
|
||||
self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
|
||||
|
||||
def test_has_module_perms(self):
|
||||
self.assertEqual(self.user1.has_module_perms("app1"), False)
|
||||
|
|
Loading…
Reference in New Issue