Opened 9 years ago

Closed 8 years ago

#13466 closed (duplicate)

Replacing Authentication Backend will remove User permission checking

Reported by: mhenwood Owned by: nobody
Component: Documentation Version: 1.0
Severity: Keywords: backend permissions
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Hi chaps. What's not clear in this documentation regarding changing authentication backends is that the new backends one writes are responsible for permissions handling as well (as per the source code for the 'django.conrib.auth.models.User.get_all_permissions()' method.

However, no biggie: In whatever backend file your code resides, include this import:

 from django.contrib.auth.backends import ModelBackend

Then make sure the Backend you wrote *extends* ModelBackend, e.g.:

class EmailBackend(ModelBackend):

Should be fine.

I *love* Django by the way, a fantastic dev environment

Change History (2)

comment:1 Changed 9 years ago by Chris Beaven

Triage Stage: UnreviewedAccepted

If you want the standard user permission checking, why would you replace the current one to begin with?

If you're just after extra functionality (in this case, obviously login via email address) it seems obvious that you'd provide an additional backend rather than just replacing the current one.

Then again, if it can be clarified with a sentence in the right place, I suppose it's a good thing. You had the problem; would you like to suggest an appropriate place for this sentence? Even better, submit a patch with an initial draft of how to clarify the fact the default backend handles all permissions (I don't think it's worth mentioning subclassing.

comment:2 Changed 8 years ago by Ramiro Morales

Resolution: duplicate
Status: newclosed

I'm going to close this as a duplicate of #13933 adding a pointer back to this there.

Note: See TracTickets for help on using tickets.
Back to Top