Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fix #16813: Restore checking whether a backend supports inctive users…

… before sending inactive users in for permission checking. Thanks apollo13 for the report and poirier for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17084 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit f4f61baa8c4e5213d17d99ed562186895b389952 1 parent 1aef1b2
Karen Tracey authored
1  AUTHORS
@@ -408,6 +408,7 @@ answer newbie questions, and generally made Django that much better:
408 408
     Michael Placentra II <someone@michaelplacentra2.net>
409 409
     plisk
410 410
     Daniel Poelzleithner <http://poelzi.org/>
  411
+    Dan Poirier <poirier@pobox.com>
411 412
     polpak@yahoo.com
412 413
     Ross Poulton <ross@rossp.org>
413 414
     Mihai Preda <mihai_preda@yahoo.com>
24  django/contrib/auth/models.py
@@ -142,22 +142,28 @@ def _user_get_all_permissions(user, obj):
142 142
 
143 143
 
144 144
 def _user_has_perm(user, perm, obj):
  145
+    anon = user.is_anonymous()
  146
+    active = user.is_active
145 147
     for backend in auth.get_backends():
146  
-        if hasattr(backend, "has_perm"):
147  
-            if obj is not None:
148  
-                if backend.has_perm(user, perm, obj):
  148
+        if anon or active or backend.supports_inactive_user:
  149
+            if hasattr(backend, "has_perm"):
  150
+                if obj is not None:
  151
+                    if backend.has_perm(user, perm, obj):
  152
+                            return True
  153
+                else:
  154
+                    if backend.has_perm(user, perm):
149 155
                         return True
150  
-            else:
151  
-                if backend.has_perm(user, perm):
152  
-                    return True
153 156
     return False
154 157
 
155 158
 
156 159
 def _user_has_module_perms(user, app_label):
  160
+    anon = user.is_anonymous()
  161
+    active = user.is_active
157 162
     for backend in auth.get_backends():
158  
-        if hasattr(backend, "has_module_perms"):
159  
-            if backend.has_module_perms(user, app_label):
160  
-                return True
  163
+        if anon or active or backend.supports_inactive_user:
  164
+            if hasattr(backend, "has_module_perms"):
  165
+                if backend.has_module_perms(user, app_label):
  166
+                    return True
161 167
     return False
162 168
 
163 169
 
2  django/contrib/auth/tests/auth_backends.py
@@ -300,7 +300,7 @@ def tearDown(self):
300 300
 
301 301
     def test_has_perm(self):
302 302
         self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
303  
-        self.assertEqual(self.user1.has_perm('inactive', TestObj()), True)
  303
+        self.assertEqual(self.user1.has_perm('inactive', TestObj()), False)
304 304
 
305 305
     def test_has_module_perms(self):
306 306
         self.assertEqual(self.user1.has_module_perms("app1"), False)

0 notes on commit f4f61ba

Please sign in to comment.
Something went wrong with that request. Please try again.