`ModelBackend.get_all_permissions` returns permissions for inactive users
|Reported by:||Chris Beaven||Owned by:||jorgecarleitao|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
The documentation states:
Returns a set of permission strings that the user has, both through group and user permissions
False for an inactive user, I wouldn't think it should return an empty string.
The behaviour is not as explicitly stated as the other perm methods though, they say:
If the user is inactive, this method will always return False.
get_all_permissions to return all strings for superusers, which seems to imply this should work the same way that has_perm does, not just provide a list of permission strings directly assigned (or via groups) to the user.
Change History (11)
comment:1 Changed 5 years ago by
|Patch needs improvement:||unset|
|Triage Stage:||Unreviewed → Design decision needed|
comment:5 Changed 2 years ago by
|Owner:||changed from nobody to jorgecarleitao|
|Status:||new → assigned|