Opened 3 years ago
Last modified 3 years ago
#32255 closed New feature
User.has_perm should forward *args and **kwargs to allow more flexibility in authentication backends — at Initial Version
| Reported by: | Matteo Parrucci | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 3.1 |
| Severity: | Normal | Keywords: | auth, django.contrib.auth, authentication, request, has_perm, has_perms, sites, django.contrib.sites |
| Cc: | Florian Apolloner | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The situation
I would like to check user permission based on the django.contrib.sites I'm in. To get the active site, django.contrib.sites needs the request so he can match the hostname. I'm using django-rules at the moment but It's quite generic.
The Problem
Not having the request in has_perm/has_perms I cannot check permissions based on the currently active site
The "call stack" detail is here: https://github.com/dfunckt/django-rules/issues/130
A possible solution
Adding *args and **kwargs to has_perm and has_perms signatures would allow greater flexibility for the custom authentication backends leaving intact what we have now. In my case, for example, I could check permission in my django-rules predicates having the the request passed in and check if I have rights for the current site, but I think my case is quite limited and all new authentication backends would benefit from this change.