Opened 15 years ago
Closed 14 years ago
#13466 closed (duplicate)
Replacing Authentication Backend will remove User permission checking
Reported by: | mhenwood | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | 1.0 |
Severity: | Keywords: | backend permissions | |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Hi chaps. What's not clear in this documentation regarding changing authentication backends is that the new backends one writes are responsible for permissions handling as well (as per the source code for the 'django.conrib.auth.models.User.get_all_permissions()' method.
However, no biggie: In whatever backend file your code resides, include this import:
from django.contrib.auth.backends import ModelBackend
Then make sure the Backend you wrote *extends* ModelBackend, e.g.:
class EmailBackend(ModelBackend):
Should be fine.
I *love* Django by the way, a fantastic dev environment
Change History (2)
comment:1 by , 15 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:2 by , 14 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
I'm going to close this as a duplicate of #13933 adding a pointer back to this there.
If you want the standard user permission checking, why would you replace the current one to begin with?
If you're just after extra functionality (in this case, obviously login via email address) it seems obvious that you'd provide an additional backend rather than just replacing the current one.
Then again, if it can be clarified with a sentence in the right place, I suppose it's a good thing. You had the problem; would you like to suggest an appropriate place for this sentence? Even better, submit a patch with an initial draft of how to clarify the fact the default backend handles all permissions (I don't think it's worth mentioning subclassing.