id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28131	"Template variable ""perms"" single-attribute lookup does not work as documented"	Meiyer	Botond Béres	"The [https://docs.djangoproject.com/en/1.11/topics/auth/default/#permissions documentation] states that the template variable `perms` may be used with single-attribute lookup `{{ perms.foo }}` to check for module-level permissions, proxying to `User.has_module_perms`. 
This is not the case in reality. Using single-attribute lookup causes the tag to output all permissions the user has in the module `foo`, as text.

This is caused by `django.contrib.auth.context_processors.PermWrapper`’s method
{{{#!python
    def __getitem__(self, app_label):
        return PermLookupDict(self.user, app_label)
}}}
which in turn invokes the `PermLookupDict`’s method
{{{#!python
    def __repr__(self):
        return str(self.user.get_all_permissions())
}}}

The behaviour is different from the `{{ ""foo"" in perms }}` construct, which resolves to `PermWrapper`’s `__contains__` that correctly casts the operation to a boolean, causing the `PermLookupDict`’s method 
{{{#!python
    def __bool__(self):
        return self.user.has_module_perms(self.app_label) 
}}}
to be used instead.

This issue goes back to at least version 1.6 and forward through all versions up to 1.11 (and apparently the single-attribute lookup feature is not used by anyone because this issue went unreported for at least four years)."	Bug	closed	Documentation	1.8	Normal	fixed			Accepted	1	0	0	0	0	0