Check is_authenticated flag on _check_perm and instances_user_has_any_permission_for

This avoids making redundant queries on groups / permissions when user is anonymous.

wagtail/wagtailcore/permission_policies/collections.py

@@ -26,7 +26,7 @@ class CollectionPermissionLookupMixin(object):
         If collection is specified, only consider GroupCollectionPermission records
         that apply to that collection.
         """
-        if not user.is_active:
+        if not (user.is_active and user.is_authenticated()):
             return False
 
         if user.is_superuser:
@@ -162,7 +162,7 @@ class CollectionPermissionPolicy(CollectionPermissionLookupMixin, BaseDjangoAuth
         Return a queryset of all instances of this model for which the given user has
         permission to perform any of the given actions
         """
-        if not user.is_active:
+        if not (user.is_active and user.is_authenticated()):
             return self.model.objects.none()
         elif user.is_superuser:
             return self.model.objects.all()

wagtail/wagtailcore/tests/test_collection_permission_policies.py

@@ -222,6 +222,12 @@ class TestCollectionPermissionPolicy(PermissionPolicyTestCase):
             )
         )
 
+        self.assertFalse(
+            self.policy.user_has_any_permission_for_instance(
+                self.anonymous_user, ['change', 'delete'], self.changer_doc
+            )
+        )
+
     def test_instances_user_has_permission_for(self):
         self.assertResultSetEqual(
             self.policy.instances_user_has_permission_for(
@@ -636,6 +642,12 @@ class TestCollectionOwnershipPermissionPolicy(PermissionPolicyTestCase):
             )
         )
 
+        self.assertFalse(
+            self.policy.user_has_any_permission_for_instance(
+                self.anonymous_user, ['change', 'delete'], self.changer_doc
+            )
+        )
+
     def test_instances_user_has_permission_for(self):
         self.assertResultSetEqual(
             self.policy.instances_user_has_permission_for(