mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Fixed #20834 -- Described how caching of user permissions works.
Thanks Giggaflop and Jennifer Casavantes.
This commit is contained in:
parent
4416aa1d3f
commit
5f9790072d
@ -249,6 +249,39 @@ The permission can then be assigned to a
|
||||
attribute or to a :class:`~django.contrib.auth.models.Group` via its
|
||||
``permissions`` attribute.
|
||||
|
||||
Permission caching
|
||||
------------------
|
||||
|
||||
The :class:`~django.contrib.auth.backends.ModelBackend` caches permissions on
|
||||
the ``User`` object after the first time they need to be fetched for a
|
||||
permissions check. This is typically fine for the request-response cycle since
|
||||
permissions are not typically checked immediately after they are added (in the
|
||||
admin, for example). If you are adding permissions and checking them immediately
|
||||
afterward, in a test or view for example, the easiest solution is to re-fetch
|
||||
the ``User`` from the database. For example::
|
||||
|
||||
from django.contrib.auth.models import Permission, User
|
||||
from django.shortcuts import get_object_or_404
|
||||
|
||||
def user_gains_perms(request, user_id):
|
||||
user = get_object_or_404(User, pk=user_id)
|
||||
# any permission check will cache the current set of permissions
|
||||
user.has_perm('myapp.change_bar')
|
||||
|
||||
permission = Permission.objects.get(codename='change_bar')
|
||||
user.user_permissions.add(permission)
|
||||
|
||||
# Checking the cached permission set
|
||||
user.has_perm('myapp.change_bar') # False
|
||||
|
||||
# Request new instance of User
|
||||
user = get_object_or_404(User, pk=user_id)
|
||||
|
||||
# Permission cache is repopulated from the database
|
||||
user.has_perm('myapp.change_bar') # True
|
||||
|
||||
...
|
||||
|
||||
.. _auth-web-requests:
|
||||
|
||||
Authentication in Web requests
|
||||
|
Loading…
Reference in New Issue
Block a user