From f4f61baa8c4e5213d17d99ed562186895b389952 Mon Sep 17 00:00:00 2001
From: Karen Tracey
Date: Sat, 12 Nov 2011 17:23:07 +0000
Subject: [PATCH] Fix #16813: Restore checking whether a backend supports inctive users before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 AUTHORS | 1 +
 django/contrib/auth/models.py | 24 ++++++++++++++--------
 django/contrib/auth/tests/auth_backends.py | 2 +-
 3 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/AUTHORS b/AUTHORS
index b64a627d20..3f60b25de0 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
 Michael Placentra II
 plisk
 Daniel Poelzleithner
+ Dan Poirier
 polpak@yahoo.com
 Ross Poulton
 Mihai Preda
diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
index 9aeced2462..0fc18fda4d 100644
--- a/django/contrib/auth/models.py
+++ b/django/contrib/auth/models.py
@@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
 def _user_has_perm(user, perm, obj):
+ anon = user.is_anonymous()
+ active = user.is_active
 for backend in auth.get_backends():
- if hasattr(backend, "has_perm"):
- if obj is not None:
- if backend.has_perm(user, perm, obj):
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_perm"):
+ if obj is not None:
+ if backend.has_perm(user, perm, obj):
+ return True
+ else:
+ if backend.has_perm(user, perm):
 return True
- else:
- if backend.has_perm(user, perm):
- return True
 return False
 def _user_has_module_perms(user, app_label):
+ anon = user.is_anonymous()
+ active = user.is_active
 for backend in auth.get_backends():
- if hasattr(backend, "has_module_perms"):
- if backend.has_module_perms(user, app_label):
- return True
+ if anon or active or backend.supports_inactive_user:
+ if hasattr(backend, "has_module_perms"):
+ if backend.has_module_perms(user, app_label):
+ return True
 return False
diff --git a/django/contrib/auth/tests/auth_backends.py b/django/contrib/auth/tests/auth_backends.py
index afef0e7286..0337ef14f3 100644
--- a/django/contrib/auth/tests/auth_backends.py
+++ b/django/contrib/auth/tests/auth_backends.py
@@ -300,7 +300,7 @@ class NoInActiveUserBackendTest(TestCase):
 def test_has_perm(self):
 self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
- self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
+ self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
 def test_has_module_perms(self):
 self.assertEqual(self.user1.has_module_perms("app1"), False)
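Review bot: The new guard in `_user_has_perm` reads `backend.supports_inactive_user` as a plain attribute, while the capability check directly under it uses `hasattr`; the same guard is repeated in `_user_has_module_perms`. Unless `auth.get_backends()` guarantees that attribute on every configured backend (not visible in this hunk), an inactive user meeting a backend that lacks it would get an `AttributeError` instead of a denial. `if anon or active or getattr(backend, "supports_inactive_user", False):` keeps the gate fail-closed in both functions. A one-line comment above it, such as `# Inactive users reach only backends that opt in via supports_inactive_user`, would record why the gate exists, since the commit message says it had to be restored.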