Code

Opened 4 years ago

Closed 3 years ago

#13466 closed (duplicate)

Replacing Authentication Backend will remove User permission checking

Reported by: mhenwood Owned by: nobody
Component: Documentation Version: 1.0
Severity: Keywords: backend permissions
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Hi chaps. What's not clear in this documentation regarding changing authentication backends is that the new backends one writes are responsible for permissions handling as well (as per the source code for the 'django.conrib.auth.models.User.get_all_permissions()' method.

However, no biggie: In whatever backend file your code resides, include this import:

 from django.contrib.auth.backends import ModelBackend

Then make sure the Backend you wrote *extends* ModelBackend, e.g.:

class EmailBackend(ModelBackend):

Should be fine.

I *love* Django by the way, a fantastic dev environment

Attachments (0)

Change History (2)

comment:1 Changed 4 years ago by SmileyChris

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

If you want the standard user permission checking, why would you replace the current one to begin with?

If you're just after extra functionality (in this case, obviously login via email address) it seems obvious that you'd provide an additional backend rather than just replacing the current one.

Then again, if it can be clarified with a sentence in the right place, I suppose it's a good thing. You had the problem; would you like to suggest an appropriate place for this sentence? Even better, submit a patch with an initial draft of how to clarify the fact the default backend handles all permissions (I don't think it's worth mentioning subclassing.

comment:2 Changed 3 years ago by ramiro

  • Resolution set to duplicate
  • Status changed from new to closed

I'm going to close this as a duplicate of #13933 adding a pointer back to this there.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.