Opened 12 years ago
Closed 12 years ago
#19060 closed Bug (fixed)
has_perm() raises exception when used with custom user inheriting AbstractUser
Reported by: | Ivan Virabyan | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Release blocker | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
from django.contrib.auth.models import AbstractUser class CustomUser(AbstractUser): avatar = models.ImageField(upload_to='avatars') >>> user = CustomUser.objects.create_user(username='test', email='test@example.com') >>> user.has_perm('test') Traceback (most recent call last): ... File "django/django/db/models/fields/related.py", line 1197, in _get_m2m_reverse_attr for f in self.rel.through._meta.fields: AttributeError: 'NoneType' object has no attribute '_meta'
This isn't reproducable in test environment, because m2m "through" table created before settings.CUSTOM_USER_MODEL is overriden.
Attachments (1)
Change History (5)
by , 12 years ago
Attachment: | customuser.diff added |
---|
comment:1 by , 12 years ago
My hunch is that this is basically a duplicate of the issues in #19049
Can you check to see whether the fix there also resolves this?
comment:2 by , 12 years ago
No, it doesnt solve this problem. This bug is caused by auth backend, which assumes user model to have name User:
Permission.objects.filter(group__user=user_obj)
so when our custom model has name CustomUser
, it doesnt work, because filter expression must be of the form group__customuser
comment:3 by , 12 years ago
Triage Stage: | Unreviewed → Accepted |
---|
Agreed - this is definitely a problem, and your fix seems like a reasonable approach.
We really do need a way to test for the sort of problem that this report reveals (i.e., for Django's test suite to contain a test project that has AUTH_USER_MODEL defined at project startup). There have been several recent reports that have needed a clear way to test the "there isn't a default User model" case.
A related problem - I suspect we may be able to factor the has_perm calls onto AbstractBaseUser. They're completely generic anyway, relying on the auth backend for calculations; it seems weird to ask people to reproduce that logic. This may require further changes to the default auth backend to check whether permissions are in use at all.
comment:4 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
don't expect custom user model to be called User