Context Navigation

← Previous Ticket
Next Ticket →

#20834 closed New feature (fixed)

Document how user permission caching works

Reported by:	Giggaflop	Owned by:	Jennifer
Component:	Documentation	Version:
Severity:	Normal	Keywords:	afraid-to-commit
Cc:	Daniele Procida	Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

Could it be mentioned on the API Methods for Django authentication that it may be required that the User object is reobtained if dynamically adding permissions. This is due to them being cached by Django.

This was not made clear by the documentation and has wasted considerable amount of time tracking down until i hit upon this Stack Overflow.

Change History (12)

comment:1 by anonymous, 11 years ago

Type:	Uncategorized → New feature

comment:2 by Tim Graham, 11 years ago

Summary:	User objects Cache permissions data → Document how user permission caching works
Triage Stage:	Unreviewed → Accepted

Yes, this seems like a good thing to mention. Do you think you could write up a patch or simply some text about what you would say?

comment:3 by Giggaflop, 11 years ago

I would do something along the lines of.

It may be required that the User object is reobtained if dynamically adding permissions. This is due to them being cached by Django.

def user_gains_perms(request, user_id):
    user = get_object_or_404(pk=user_id)
    permission = Permission.objects.get(codename="all_the_things")
    user.user_permissions.add(permission)

    # Note the user object has not gained the permission
    user.has_perms('all_the_things') # False

    # Request new instance of User
    user = get_object_or_404(pk=user_id)
    
    # Now note how the permissions have been updated
    user.has_perms('all_the_things') # True

    return HttpResponseRedirect(reverse('index'))

comment:4 by Daniele Procida, 11 years ago

Cc:	Daniele Procida added
Keywords:	afraid-to-commit added

comment:5 by Daniele Procida, 11 years ago

I've marked this ticket as especially suitable for first-time committers or people following the Don't be afraid to commit tutorial. If you're tackling this ticket, please don't hesitate to ask me for guidance if you'd like any, either here or on the Django IRC channels, where I can be found as EvilDMP.

comment:6 by Jennifer, 11 years ago

I notice that the documentation referred to in the original report is for django 1.3 here is the link for the latest documentation version: https://docs.djangoproject.com/en/dev/ref/contrib/auth/#methods

comment:7 by Jennifer, 11 years ago

Owner:	changed from nobody to Jennifer
Status:	new → assigned

comment:8 by Jennifer, 11 years ago

I have made pull request for review https://github.com/django/django/pull/1754

comment:9 by Tim Graham, 11 years ago

Has patch:	set
Patch needs improvement:	set

I left some comments for improvement on the pull request.

comment:10 by Tim Graham, 10 years ago

Patch needs improvement:	unset

Here's a PR for review.

comment:11 by Tim Graham <timograham@…>, 10 years ago

Resolution:	→ fixed
Status:	assigned → closed

In 5f9790072d52443aff9a0e04f1552f1e29489521:

Fixed #20834 -- Described how caching of user permissions works.

Thanks Giggaflop and Jennifer Casavantes.

comment:12 by Tim Graham <timograham@…>, 10 years ago

In 8eca53f0bef783e5c11877fe18a6651543605af1:

[1.6.x] Fixed #20834 -- Described how caching of user permissions works.

Thanks Giggaflop and Jennifer Casavantes.

Backport of 5f9790072d from master

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues