Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inactive users should never have any permissions #5

Closed
stefanfoulis opened this issue Jul 18, 2011 · 2 comments
Closed

inactive users should never have any permissions #5

stefanfoulis opened this issue Jul 18, 2011 · 2 comments

Comments

@stefanfoulis
Copy link
Contributor

The default model backend from django.contrib.auth checks for this, but we dont.

Unfortunately all auth backends are iterated over and the permission is granted if one of them returns True. So even if we have both backends installed and the backend from django.contrib.auth returns False, the permission will still be granted for inactive users if they have permissions based on django-rulez.
@stefanfoulis
Copy link
Contributor Author

I'm working on a pull request :-)

@chrisglass
Copy link
Owner

That's a bad bug - let me know if I can help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefanfoulis @chrisglass