mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Fixed #12462 - Fixed edge case with auth backends that don't support object permissions. Thanks to Florian Apolloner for catching it.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12032 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
f93657218c
commit
57d7181caa
@ -218,22 +218,26 @@ class User(models.Model):
|
||||
permissions = set()
|
||||
for backend in auth.get_backends():
|
||||
if hasattr(backend, "get_group_permissions"):
|
||||
if obj is not None and backend.supports_object_permissions:
|
||||
group_permissions = backend.get_group_permissions(self, obj)
|
||||
if obj is not None:
|
||||
if backend.supports_object_permissions:
|
||||
permissions.update(
|
||||
backend.get_group_permissions(self, obj)
|
||||
)
|
||||
else:
|
||||
group_permissions = backend.get_group_permissions(self)
|
||||
permissions.update(group_permissions)
|
||||
permissions.update(backend.get_group_permissions(self))
|
||||
return permissions
|
||||
|
||||
def get_all_permissions(self, obj=None):
|
||||
permissions = set()
|
||||
for backend in auth.get_backends():
|
||||
if hasattr(backend, "get_all_permissions"):
|
||||
if obj is not None and backend.supports_object_permissions:
|
||||
all_permissions = backend.get_all_permissions(self, obj)
|
||||
if obj is not None:
|
||||
if backend.supports_object_permissions:
|
||||
permissions.update(
|
||||
backend.get_all_permissions(self, obj)
|
||||
)
|
||||
else:
|
||||
all_permissions = backend.get_all_permissions(self)
|
||||
permissions.update(all_permissions)
|
||||
permissions.update(backend.get_all_permissions(self))
|
||||
return permissions
|
||||
|
||||
def has_perm(self, perm, obj=None):
|
||||
@ -255,9 +259,10 @@ class User(models.Model):
|
||||
# Otherwise we need to check the backends.
|
||||
for backend in auth.get_backends():
|
||||
if hasattr(backend, "has_perm"):
|
||||
if obj is not None and backend.supports_object_permissions:
|
||||
if backend.has_perm(self, perm, obj):
|
||||
return True
|
||||
if obj is not None:
|
||||
if (backend.supports_object_permissions and
|
||||
backend.has_perm(self, perm, obj)):
|
||||
return True
|
||||
else:
|
||||
if backend.has_perm(self, perm):
|
||||
return True
|
||||
|
@ -69,6 +69,21 @@ class BackendTest(TestCase):
|
||||
self.assertEqual(user.has_perm('test'), False)
|
||||
self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
|
||||
|
||||
def test_has_no_object_perm(self):
|
||||
"""Regressiontest for #12462"""
|
||||
user = User.objects.get(username='test')
|
||||
content_type=ContentType.objects.get_for_model(Group)
|
||||
perm = Permission.objects.create(name='test', content_type=content_type, codename='test')
|
||||
user.user_permissions.add(perm)
|
||||
user.save()
|
||||
|
||||
self.assertEqual(user.has_perm('auth.test', 'object'), False)
|
||||
self.assertEqual(user.get_all_permissions('object'), set([]))
|
||||
self.assertEqual(user.has_perm('auth.test'), True)
|
||||
self.assertEqual(user.get_all_permissions(), set(['auth.test']))
|
||||
|
||||
|
||||
|
||||
|
||||
class TestObj(object):
|
||||
pass
|
||||
|
Loading…
Reference in New Issue
Block a user