mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Restored is_anonymous() check in ModelBackend permission checking removed in refs #17903.

Browse source 
Thanks Florian Apolloner for raising the issue.
This commit is contained in:
Tim Graham 2014-06-24 07:09:38 -04:00
parent 460ec09d2e
commit 150d88cc2c
3 changed files with 39 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

17
docs/ref/contrib/auth.txt
View file

@ -446,26 +446,29 @@ The following backends are available in :mod:`django.contrib.auth.backends`:
.. versionadded:: 1.8
Returns the set of permission strings the ``user_obj`` has from their
own user permissions. Returns an empty set if the user is not
:meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
own user permissions. Returns an empty set if
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous` or
:attr:`~django.contrib.auth.models.CustomUser.is_active` is ``False``.
.. method:: get_group_permissions(user_obj, obj=None)
Returns the set of permission strings the ``user_obj`` has from the
permissions of the groups they belong. Returns an empty set if the user
is not :meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
permissions of the groups they belong. Returns an empty set if
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous` or
:attr:`~django.contrib.auth.models.CustomUser.is_active` is ``False``.
.. method:: get_all_permissions(user_obj, obj=None)
Returns the set of permission strings the ``user_obj`` has, including both
user permissions and group permissions. Returns an empty set if the
user is not :meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
user permissions and group permissions. Returns an empty set if
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous` or
:attr:`~django.contrib.auth.models.CustomUser.is_active` is ``False``.
.. method:: has_perm(user_obj, perm, obj=None)
Uses :meth:`get_all_permissions` to check if ``user_obj`` has the
permission string ``perm``. Returns ``False`` if the user is not
:meth:`~django.contrib.auth.models.CustomUser.is_active`.
:attr:`~django.contrib.auth.models.CustomUser.is_active`.
.. method:: has_module_perms(self, user_obj, app_label)