#12557 closed (fixed)
AnonymousUser has_perm should check backends has_perm
Reported by: | Harro | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Keywords: | has_perm AnonymousUser | |
Cc: | Jannis Leidel, Florian Apolloner, Dan Fairs, Jari Pennanen | Triage Stage: | Unreviewed |
Has patch: | yes | Needs documentation: | yes |
Needs tests: | yes | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
Right now a non logged in user isn't allowed to do anything at all.
Which is weird, there might be cases where you want to have a backend that stores guest permissions.
I implemented everything for it, only to discover that the anonymous user doesn't even check the backends.
I think it's a small thing to add which will make the possibilities of custom backends even greater !
The default backend would get an extra check in the has_perm function that checks if the passed user_obj.
Attachments (3)
Change History (11)
by , 15 years ago
Attachment: | anonymous_permissions.2.diff added |
---|
by , 15 years ago
Attachment: | anonymous_permissions.diff added |
---|
comment:2 by , 15 years ago
Needs documentation: | set |
---|---|
Needs tests: | set |
Patch needs improvement: | set |
Finally got the diff correct (stupid bug in svn :S)
Anyway.. I think this will make the whole permission system even more powerful, it will allow backends to implement anonymous permissions.
The documentation should reflect this change too, because custom backends shouldn't assume the user is a valid logged in user.
comment:3 by , 15 years ago
Cc: | added |
---|
comment:4 by , 15 years ago
Cc: | added |
---|
comment:5 by , 15 years ago
Cc: | added |
---|
comment:6 by , 15 years ago
Cc: | added |
---|
by , 15 years ago
Attachment: | supports_anonymous_users.diff added |
---|
Patch for supports_anonymous_users flag on backends
comment:7 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
AnonymousUser also checks backend for permissions