Ticket #5457: full_diff.2.diff

django/contrib/auth/backends.py

@@ +1 @@
+from django.db import connection, models
-from django.contrib.auth.models import User
-
-class ModelBackend:
@@ -14 +15 @@
-        except User.DoesNotExist:
-            return None
-
+    def get_group_permissions(self, user_obj):
+        "Returns a list of permission strings that this user has through his/her groups."
+        if not hasattr(user_obj, '_group_perm_cache'):
+            cursor = connection.cursor()
+            # The SQL below works out to the following, after DB quoting:
+            # cursor.execute("""
+            #     SELECT ct."app_label", p."codename"
+            #     FROM "auth_permission" p, "auth_group_permissions" gp, "auth_user_groups" ug, "django_content_type" ct
+            #     WHERE p."id" = gp."permission_id"
+            #         AND gp."group_id" = ug."group_id"
+            #         AND ct."id" = p."content_type_id"
+            #         AND ug."user_id" = %s, [self.id])
+            qn = connection.ops.quote_name
+            sql = """
+                SELECT ct.%s, p.%s
+                FROM %s p, %s gp, %s ug, %s ct
+                WHERE p.%s = gp.%s
+                    AND gp.%s = ug.%s
+                    AND ct.%s = p.%s
+                    AND ug.%s = %%s""" % (
+                qn('app_label'), qn('codename'),
+                qn('auth_permission'), qn('auth_group_permissions'),
+                qn('auth_user_groups'), qn('django_content_type'),
+                qn('id'), qn('permission_id'),
+                qn('group_id'), qn('group_id'),
+                qn('id'), qn('content_type_id'),
+                qn('user_id'),)
+            cursor.execute(sql, [user_obj.id])
+            user_obj._group_perm_cache = set(["%s.%s" % (row[0], row[1]) for row in cursor.fetchall()])
+        return user_obj._group_perm_cache
+    
+    def get_all_permissions(self, user_obj):
+        if not hasattr(user_obj, '_perm_cache'):
+            user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
+            user_obj._perm_cache.update(self.get_group_permissions(user_obj))
+        return user_obj._perm_cache
+
+    def has_perm(self, user_obj, perm):
+        return perm in self.get_all_permissions(user_obj)
+
+    def has_module_perms(self, user_obj, app_label):
+        return bool(len([p for p in self.get_all_permissions(user_obj) if p[:p.index('.')] == app_label]))
+
+
+
-    def get_user(self, user_id):
-        try:
-            return User.objects.get(pk=user_id)

django/contrib/auth/models.py

@@ +1 @@
+from django.contrib.auth import get_backends
-from django.core import validators
-from django.core.exceptions import ImproperlyConfigured
-from django.db import connection, models
@@ -177 +178 @@
-        return self.password != UNUSABLE_PASSWORD
-
-    def get_group_permissions(self):
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-
-    def get_all_permissions(self):
-
-
-
-
+
+
+
+
+
+
-
-    def has_perm(self, perm):
-
+
+
+
+
+
-        if not self.is_active:
-            return False
-        if self.is_superuser:
-            return True
-
+
+
+
+
+
+
-
-    def has_perms(self, perm_list):
-        "Returns True if the user has each of the specified permissions."
@@ -229 +222 @@
-        return True
-
-    def has_module_perms(self, app_label):
-
+
+
+
+
+
-        if not self.is_active:
-            return False
-        if self.is_superuser:
-            return True
-
+
+
+
+
+
+
-
-    def get_and_delete_messages(self):
-        messages = []

tests/regressiontests/auth_permission_backend/tests.py

@@ +1 @@
+# -*- coding: utf-8 -*-
+
+from django.contrib.auth.models import User, Group, Permission
+from django.contrib.contenttypes.models import ContentType
+
+auth_tests = r"""
+# No Permissions assigned yet, should return False except for superuser
+
+>>> user = User.objects.create_user('test', 'test@example.com', 'test')
+>>> user.has_perm("auth.test")
+False
+>>> user.is_staff=True
+>>> user.save()
+>>> user.has_perm("auth.test")
+False
+>>> user.is_superuser=True
+>>> user.save()
+>>> user.has_perm("auth.test")
+True
+>>> user.is_staff = False
+>>> user.is_superuser = False
+>>> user.save()
+>>> user.has_perm("auth.test")
+False
+>>> content_type=ContentType.objects.get_for_model(Group)
+>>> perm = Permission.objects.create(name="test", content_type=content_type, codename="test")
+>>> user.user_permissions.add(perm)
+>>> user.save()
+
+# reloading user to purge the _perm_cache
+
+>>> user = User.objects.get(username="test")
+>>> user.get_all_permissions()
+set([u'auth.test'])
+>>> user.get_group_permissions()
+set([])
+>>> user.has_module_perms("Group")
+False
+>>> user.has_module_perms("auth")
+True
+>>> perm = Permission.objects.create(name="test2", content_type=content_type, codename="test2")
+>>> user.user_permissions.add(perm)
+>>> user.save()
+>>> perm = Permission.objects.create(name="test3", content_type=content_type, codename="test3")
+>>> user.user_permissions.add(perm)
+>>> user.save()
+>>> user = User.objects.get(username="test")
+>>> user.get_all_permissions()
+set([u'auth.test2', u'auth.test', u'auth.test3'])
+>>> user.has_perm('test')
+False
+>>> user.has_perm('auth.test')
+True
+>>> user.has_perms(['auth.test2', 'auth.test3'])
+True
+>>> perm = Permission.objects.create(name="test_group", content_type=content_type, codename="test_group")
+>>> group = Group.objects.create(name='test_group')
+>>> group.permissions.add(perm)
+>>> group.save()
+>>> user.groups.add(group)
+>>> user = User.objects.get(username="test")
+>>> user.get_all_permissions()
+set([u'auth.test2', u'auth.test', u'auth.test3', u'auth.test_group'])
+>>> user.get_group_permissions()
+set([u'auth.test_group'])
+>>> user.has_perms(['auth.test3', 'auth.test_group'])
+True
+"""
+
+__test__ = {
+    'auth_permission_test': auth_tests,
+}
+
+if __name__ == "__main__":
+    import doctest
+    doctest.testmod()

docs/authentication.txt

@@ -1041 +1041 @@
-                return User.objects.get(pk=user_id)
-            except User.DoesNotExist:
-                return None
+
+Optionally the Backend allows you to specify any of the permission methods of
+the ``User`` object (except from ``has_perms`` which calls ``has_perm`` for each
+perm in the list, and ``has_perm`` can be specified in the backend).
+This will allow your backend to handle the permissions, if one backend return
+``True`` in a permission check, the user will have the permission.
+
+Here is an sample implementation for ``has_perm`` extending the above exmaple::
+        
+        # The permission functions all take the user_obj as first (besides the self of 
+        # the backend, of course) argument and the rest
+        # is as you would call it with ``User.*``
+        def has_perm(self, user_obj, perm):
+            # we give the user admin the right to do everything.
+            if user_obj.username == "admin":
+                return True
+            else:
+                return False
+
+A full implementation can be found in ``django/contrib/auth/backends.py`` _, which is the
+default backend and queries the ``auth_permission``-table most of the time.
+
+.. _django/contrib/auth/backends.py: http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py