
Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#12557 closed (fixed)

AnonymousUser has_perm should check backends has_perm

Reported by: hvdklauw
Owned by: nobody
Component: contrib.auth
Version: master
Severity:
Keywords: has_perm AnonymousUser
Cc: jezdez, apollo13, danfairs, Ciantic
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: yes
Needs tests: yes
Patch needs improvement: yes
Easy pickings:
UI/UX:

Description

Right now a non-logged-in user isn't allowed to do anything at all.
Which is weird, there might be cases where you want to have a backend that stores guest permissions.

I implemented everything for it, only to discover that the anonymous user doesn't even check the backends.

I think it's a small thing to add which will make the possibilities of custom backends even greater!

The default backend would get an extra check in the has_perm function that checks if the passed user_obj.

Attachments (3)

anonymous_permissions.2.diff (2.4 KB) - added by hvdklauw 4 years ago.
AnonymousUser also checks backend for permissions
anonymous_permissions.diff (2.5 KB) - added by hvdklauw 4 years ago.
supports_anonymous_users.diff (1.8 KB) - added by hvdklauw 4 years ago.
Patch for supports_anonymous_users flag on backends


Change History (11)

Changed 4 years ago by hvdklauw

AnonymousUser also checks backend for permissions

comment:1 Changed 4 years ago by hvdklauw

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Bleg.. now without errors.. (or so says pyflakes :))

Changed 4 years ago by hvdklauw

comment:2 Changed 4 years ago by hvdklauw

  • Needs documentation set
  • Needs tests set
  • Patch needs improvement set

Finally got the diff correct (stupid bug in svn :S)

Anyway.. I think this will make the whole permission system even more powerful, it will allow backends to implement anonymous permissions.

The documentation should reflect this change too, because custom backends shouldn't assume the user is a valid logged in user.

comment:3 Changed 4 years ago by jezdez

  • Cc jezdez added

comment:5 Changed 4 years ago by danfairs

  • Cc danfairs added

comment:6 Changed 4 years ago by Ciantic

  • Cc Ciantic added

Changed 4 years ago by hvdklauw

Patch for supports_anonymous_users flag on backends

comment:7 Changed 4 years ago by lukeplant

  • Resolution set to fixed
  • Status changed from new to closed

(In [12316]) Fixed #12557 - AnonymousUser should check auth backends for permissions

Thanks to hvdklauw for the idea and work on the patch.

comment:8 Changed 3 years ago by jacob

  • milestone 1.2 deleted

Milestone 1.2 deleted
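
The behaviour this ticket asks for, as an added example that is not part of the ticket or of Django's code: a simplified, Django-free model in which the anonymous user consults only backends that opt in, and a guest backend checks anonymity before granting anything. The class names, the `is_anonymous` attribute, the permission strings and the two-argument `has_perm` are assumptions; the flag name follows the ticket's attachment title.

```python
# Simplified stand-in for the behaviour requested in this ticket; not Django's code.

class AnonymousUser:
    """Minimal model of an unauthenticated user (assumed shape)."""
    is_anonymous = True

    def __init__(self, backends):
        self._backends = backends  # assumption: backends are passed in directly

    def has_perm(self, perm):
        # Ask each backend in turn; deny by default when none grants the permission.
        for backend in self._backends:
            # Consult only backends that declare they handle anonymous users
            # (flag name taken from the ticket's attachment title).
            if not getattr(backend, "supports_anonymous_users", False):
                continue
            if backend.has_perm(self, perm):
                return True
        return False


class LegacyBackend:
    """Hypothetical backend that assumes user_obj is a stored, logged-in user."""

    def has_perm(self, user_obj, perm):
        # Would raise AttributeError if handed an AnonymousUser.
        return perm in user_obj.stored_perms


class GuestBackend:
    """Hypothetical backend holding an explicit allowlist of guest permissions."""
    supports_anonymous_users = True
    GUEST_PERMS = frozenset({"blog.view_post"})  # constructed sample value

    def has_perm(self, user_obj, perm):
        # Never assume a valid logged-in user: branch on anonymity first.
        if getattr(user_obj, "is_anonymous", False):
            return perm in self.GUEST_PERMS
        return False  # authenticated users are left to other backends


def check(perm):
    """Anonymous user's decision for perm with both backends installed."""
    return AnonymousUser([LegacyBackend(), GuestBackend()]).has_perm(perm)
```

Because the legacy backend never opts in, it is skipped rather than crashing on a user object it does not understand, and anything outside the guest allowlist stays denied.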
