`ModelBackend.get_all_permissions` returns permissions for inactive users
|Reported by:||SmileyChris||Owned by:||jorgecarleitao|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
The documentation states:
Returns a set of permission strings that the user has, both through group and user permissions
Since has_perm returns False for an inactive user, I wouldn't think it should return an empty string.
The behaviour is not as explicitly stated as the other perm methods though, they say:
If the user is inactive, this method will always return False.
r14797 changed get_all_permissions to return all strings for superusers, which seems to imply this should work the same way that has_perm does, not just provide a list of permission strings directly assigned (or via groups) to the user.
Change History (11)
comment:1 Changed 3 years ago by SmileyChris
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Design decision needed
comment:2 Changed 2 years ago by aaugustin
- Triage Stage changed from Design decision needed to Accepted
comment:5 Changed 12 months ago by jorgecarleitao
- Owner changed from nobody to jorgecarleitao
- Status changed from new to assigned
comment:10 Changed 10 months ago by Tim Graham <timograham@…>
- Resolution set to fixed
- Status changed from assigned to closed