#28713 closed Bug (fixed)
ModelBackend call to get_all_permissions() makes get_user_permissions() return all permissions
Reported by: | Yuri Kaszubowski Lopes | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
django.contrib.auth.backends.ModelBackend.get_all_permissions() overwrites the _user_perm_cache as:
user_obj._perm_cache = self.get_user_permissions(user_obj) # returns the set that is mutable user_obj._perm_cache.update(self.get_group_permissions(user_obj)) # therefore, the set is changed here
An alternative solution would be:
user_obj._perm_cache = set() user_obj._perm_cache.update(self.get_user_permissions(user_obj)) user_obj._perm_cache.update(self.get_group_permissions(user_obj))
Note:
See TracTickets
for help on using tickets.
In d98210c2: