AnonymousUser has_perm should check backends has_perm

[Harro]

Right now a non logged in user isn't allowed to do anything at all.
Which is weird, there might be cases where you want to have a backend that stores guest permissions.

I implemented everything for it, only to discover that the anonymous user doesn't even check the backends.

I think it's a small thing to add which will make the possibilities of custom backends even greater !

The default backend would get an extra check in the has_perm function that checks if the passed user_obj.

[Harro]

AnonymousUser also checks backend for permissions

[Harro]

Bleg.. now without errors.. (or so says pyflakes :))

[Harro]

Finally got the diff correct (stupid bug in svn :S)

Anyway.. I think this will make the whole permission system even more powerful, it will allow backends to implement anonymous permissions.

The documentation should reflect this change too, because custom backends shouldn't assume the user is a valid logged in user.

[Florian Apolloner]

Discussion: ​http://groups.google.com/group/django-developers/browse_thread/thread/2f0fb2d0924caac2#

[Harro]

Patch for supports_anonymous_users flag on backends

[Luke Plant]

(In [12316]) Fixed #12557 - AnonymousUser should check auth backends for permissions

Thanks to hvdklauw for the idea and work on the patch.

[Jacob]

Milestone 1.2 deleted