Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#12557 closed (fixed)

AnonymousUser has_perm should check backends has_perm

Reported by: Harro Owned by: nobody
Component: contrib.auth Version: master
Severity: Keywords: has_perm AnonymousUser
Cc: Jannis Leidel, Florian Apolloner, Dan Fairs, Jari Pennanen Triage Stage: Unreviewed
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: yes
Easy pickings: UI/UX:

Description

Right now a non logged in user isn't allowed to do anything at all.
Which is weird, there might be cases where you want to have a backend that stores guest permissions.

I implemented everything for it, only to discover that the anonymous user doesn't even check the backends.

I think it's a small thing to add which will make the possibilities of custom backends even greater !

The default backend would get an extra check in the has_perm function that checks if the passed user_obj.

Attachments (3)

anonymous_permissions.2.diff (2.4 KB) - added by Harro 7 years ago.
AnonymousUser also checks backend for permissions
anonymous_permissions.diff (2.5 KB) - added by Harro 7 years ago.
supports_anonymous_users.diff (1.8 KB) - added by Harro 7 years ago.
Patch for supports_anonymous_users flag on backends

Download all attachments as: .zip

Change History (11)

Changed 7 years ago by Harro

AnonymousUser also checks backend for permissions

comment:1 Changed 7 years ago by Harro

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

Bleg.. now without errors.. (or so says pyflakes :))

Changed 7 years ago by Harro

Attachment: anonymous_permissions.diff added

comment:2 Changed 7 years ago by Harro

Needs documentation: set
Needs tests: set
Patch needs improvement: set

Finally got the diff correct (stupid bug in svn :S)

Anyway.. I think this will make the whole permission system even more powerful, it will allow backends to implement anonymous permissions.

The documentation should reflect this change too, because custom backends shouldn't assume the user is a valid logged in user.

comment:3 Changed 7 years ago by Jannis Leidel

Cc: Jannis Leidel added

comment:4 Changed 7 years ago by Florian Apolloner

Cc: Florian Apolloner added

comment:5 Changed 7 years ago by Dan Fairs

Cc: Dan Fairs added

comment:6 Changed 7 years ago by Jari Pennanen

Cc: Jari Pennanen added

Changed 7 years ago by Harro

Patch for supports_anonymous_users flag on backends

comment:7 Changed 7 years ago by Luke Plant

Resolution: fixed
Status: newclosed

(In [12316]) Fixed #12557 - AnonymousUser should check auth backends for permissions

Thanks to hvdklauw for the idea and work on the patch.

comment:8 Changed 5 years ago by Jacob

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top