Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.4.x] Fixed #18979 -- Avoid endless loop caused by "val in PermLook…

…upDict"

Fixed by defining __iter__ which raises TypeError. This was done to
PermWrapper earlier.

Backport of 50d573d
  • Loading branch information...
commit 1f537335d9ff659cb0996d6523ad8ab7b3c49f4e 1 parent bd514f2
Anssi Kääriäinen authored September 27, 2012
5  django/contrib/auth/context_processors.py
@@ -11,6 +11,11 @@ def __repr__(self):
11 11
     def __getitem__(self, perm_name):
12 12
         return self.user.has_perm("%s.%s" % (self.module_name, perm_name))
13 13
 
  14
+    def __iter__(self):
  15
+        # To fix 'item in perms.someapp' and __getitem__ iteraction we need to
  16
+        # define __iter__. See #18979 for details.
  17
+        raise TypeError("PermLookupDict is not iterable.")
  18
+
14 19
     def __nonzero__(self):
15 20
         return self.user.has_module_perms(self.module_name)
16 21
 
44  django/contrib/auth/tests/context_processors.py
@@ -2,12 +2,56 @@
2 2
 
3 3
 from django.conf import global_settings
4 4
 from django.contrib.auth import authenticate
  5
+from django.contrib.auth.context_processors import PermWrapper, PermLookupDict
5 6
 from django.db.models import Q
6 7
 from django.template import context
7 8
 from django.test import TestCase
8 9
 from django.test.utils import override_settings
9 10
 
10 11
 
  12
+class MockUser(object):
  13
+    def has_module_perm(self, perm):
  14
+        if perm == 'mockapp.someapp':
  15
+            return True
  16
+        return False
  17
+
  18
+    def has_perm(self, perm):
  19
+        if perm == 'someperm':
  20
+            return True
  21
+        return False
  22
+
  23
+
  24
+class PermWrapperTests(TestCase):
  25
+    """
  26
+    Test some details of the PermWrapper implementation.
  27
+    """
  28
+    class EQLimiterObject(object):
  29
+        """
  30
+        This object makes sure __eq__ will not be called endlessly.
  31
+        """
  32
+        def __init__(self):
  33
+            self.eq_calls = 0
  34
+
  35
+        def __eq__(self, other):
  36
+            if self.eq_calls > 0:
  37
+                return True
  38
+            self.eq_calls += 1
  39
+            return False
  40
+
  41
+    def test_permwrapper_in(self):
  42
+        """
  43
+        Test that 'something' in PermWrapper doesn't end up in endless loop.
  44
+        """
  45
+        perms = PermWrapper(MockUser())
  46
+        with self.assertRaises(TypeError):
  47
+            self.EQLimiterObject() in perms
  48
+
  49
+    def test_permlookupdict_in(self):
  50
+        pldict = PermLookupDict(MockUser(), 'mockapp')
  51
+        with self.assertRaises(TypeError):
  52
+            self.EQLimiterObject() in pldict
  53
+
  54
+
11 55
 class AuthContextProcessorTests(TestCase):
12 56
     """
13 57
     Tests for the ``django.contrib.auth.context_processors.auth`` processor

0 notes on commit 1f53733

Please sign in to comment.
Something went wrong with that request. Please try again.