Inactive users have fewer permissions than anonymous users with custom backend
| Reported by: | hvdklauw | Owned by: | nobody |
| Cc: | hvdklauw@…, jgelens@… | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
With the closing of Ticket #12557 a custom backend could specify anonymous user permissions.
However, now I have a system where an anonymous user has some permissions and a logged-in inactive user (User.is_active == False) has no permissions at all.
I suggest the checks for is_active and is_superuser get removed as a check from the User class itself and instead get moved to the default authentication backend.
That way the default way keeps working the way it currently does, but it will allow developers to use those two properties as they see fit when they implement a custom backend.
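The difference between the two designs described in the ticket, as an added example that is not part of the original ticket and is not Django's code: a simplified stand-in model in which `User`, `CustomBackend`, `DefaultBackend`, the two `has_perm_*` functions, `audit` and the `wiki.*` permission names are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class User:
    is_active: bool = True
    is_superuser: bool = False
    is_anonymous: bool = False

READ_ONLY = {"wiki.view_page"}                # constructed sample permissions
MEMBER = READ_ONLY | {"wiki.edit_page"}

class CustomBackend:
    """Hypothetical backend: inactive accounts fall back to the anonymous set."""
    def has_perm(self, user, perm):
        if user.is_anonymous or not user.is_active:
            return perm in READ_ONLY
        return perm in MEMBER

class DefaultBackend:
    """Default backend owning the is_active / is_superuser checks, as proposed."""
    def has_perm(self, user, perm):
        if user.is_anonymous or not user.is_active:
            return False
        return user.is_superuser or perm in MEMBER

def has_perm_user_level(user, perm, backends):
    """Reported behaviour: the user object rejects inactive accounts itself."""
    if not user.is_anonymous:                 # anonymous users go straight to backends
        if not user.is_active:
            return False                      # backends are never consulted
        if user.is_superuser:
            return True
    return any(b.has_perm(user, perm) for b in backends)

def has_perm_backend_level(user, perm, backends):
    """Proposed behaviour: the user object only delegates to the backends."""
    return any(b.has_perm(user, perm) for b in backends)

def audit(backends, perm="wiki.view_page"):
    """Return (anonymous, inactive) results under both designs for one permission."""
    anon, inactive = User(is_active=False, is_anonymous=True), User(is_active=False)
    return {
        "user_level": (has_perm_user_level(anon, perm, backends),
                       has_perm_user_level(inactive, perm, backends)),
        "backend_level": (has_perm_backend_level(anon, perm, backends),
                          has_perm_backend_level(inactive, perm, backends)),
    }

if __name__ == "__main__":
    print("custom :", audit([CustomBackend()]))
    print("default:", audit([DefaultBackend()]))
```

With the check on the user object, the custom backend's policy for inactive accounts is never reached; with the check in the backend, the default backend still denies inactive accounts while a custom backend can apply its own rule.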
Change History (16)
comment:1 Changed 5 years ago by hvdklauw
- Cc hvdklauw@… added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 5 years ago by lukeplant
- Triage Stage changed from Unreviewed to Design decision needed
Changed 5 years ago by hvdklauw
comment:7 Changed 5 years ago by jezdez
- Triage Stage changed from Design decision needed to Accepted
comment:11 Changed 5 years ago by jezdez
- Resolution fixed deleted
- Status changed from closed to reopened
comment:14 Changed 4 years ago by jezdez
- Resolution set to fixed
- Status changed from reopened to closed