AnonymousUser has_perm should check backends has_perm
|Reported by:||Harro||Owned by:||nobody|
|Cc:||Jannis Leidel, Florian Apolloner, Dan Fairs, Jari Pennanen||Triage Stage:||Unreviewed|
|Has patch:||yes||Needs documentation:||yes|
|Needs tests:||yes||Patch needs improvement:||yes|
Right now a non logged in user isn't allowed to do anything at all.
Which is weird, there might be cases where you want to have a backend that stores guest permissions.
I implemented everything for it, only to discover that the anonymous user doesn't even check the backends.
I think it's a small thing to add which will make the possibilities of custom backends even greater !
The default backend would get an extra check in the has_perm function that checks if the passed user_obj.
Change History (11)
comment:1 Changed 7 years ago by
|Patch needs improvement:||unset|
comment:2 Changed 7 years ago by
|Patch needs improvement:||set|