Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #12462 - Fixed edge case with auth backends that don't support …

…object permissions. Thanks to Florian Apolloner for catching it.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 57d7181caa4e89f692a71b3d0fe9c267aec6ccba 1 parent f936572
@jezdez jezdez authored
View
27 django/contrib/auth/models.py
@@ -218,22 +218,26 @@ def get_group_permissions(self, obj=None):
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_group_permissions"):
- if obj is not None and backend.supports_object_permissions:
- group_permissions = backend.get_group_permissions(self, obj)
+ if obj is not None:
+ if backend.supports_object_permissions:
+ permissions.update(
+ backend.get_group_permissions(self, obj)
+ )
else:
- group_permissions = backend.get_group_permissions(self)
- permissions.update(group_permissions)
+ permissions.update(backend.get_group_permissions(self))
return permissions
def get_all_permissions(self, obj=None):
permissions = set()
for backend in auth.get_backends():
if hasattr(backend, "get_all_permissions"):
- if obj is not None and backend.supports_object_permissions:
- all_permissions = backend.get_all_permissions(self, obj)
+ if obj is not None:
+ if backend.supports_object_permissions:
+ permissions.update(
+ backend.get_all_permissions(self, obj)
+ )
else:
- all_permissions = backend.get_all_permissions(self)
- permissions.update(all_permissions)
+ permissions.update(backend.get_all_permissions(self))
return permissions
def has_perm(self, perm, obj=None):
@@ -255,9 +259,10 @@ def has_perm(self, perm, obj=None):
# Otherwise we need to check the backends.
for backend in auth.get_backends():
if hasattr(backend, "has_perm"):
- if obj is not None and backend.supports_object_permissions:
- if backend.has_perm(self, perm, obj):
- return True
+ if obj is not None:
+ if (backend.supports_object_permissions and
+ backend.has_perm(self, perm, obj)):
+ return True
else:
if backend.has_perm(self, perm):
return True
View
15 django/contrib/auth/tests/auth_backends.py
@@ -69,6 +69,21 @@ def test_custom_perms(self):
self.assertEqual(user.has_perm('test'), False)
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
+ def test_has_no_object_perm(self):
+ """Regressiontest for #12462"""
+ user = User.objects.get(username='test')
+ content_type=ContentType.objects.get_for_model(Group)
+ perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
+ user.user_permissions.add(perm)
+ user.save()
+
+ self.assertEqual(user.has_perm('auth.test', 'object'), False)
+ self.assertEqual(user.get_all_permissions('object'), set([]))
+ self.assertEqual(user.has_perm('auth.test'), True)
+ self.assertEqual(user.get_all_permissions(), set(['auth.test']))
+
+
+
class TestObj(object):
pass
Please sign in to comment.
Something went wrong with that request. Please try again.