mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-24 13:44:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #17903 -- Modified ModelBackend to eliminate permissions on inactive users.

Browse source 
Thanks to @SmileyChris for the report and @timgraham for review.
This commit is contained in:
Jorge C. Leitão 2014-06-14 16:58:16 +02:00 committed by Tim Graham
parent 0a8c0eda2a
commit c33447a50c
3 changed files with 36 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

13
docs/ref/contrib/auth.txt
View file

@ -446,21 +446,20 @@ The following backends are available in :mod:`django.contrib.auth.backends`:
.. versionadded:: 1.8
Returns the set of permission strings the ``user_obj`` has from their
own user permissions. Returns an empty set if the user
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
own user permissions. Returns an empty set if the user is not
:meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
.. method:: get_group_permissions(user_obj, obj=None)
Returns the set of permission strings the ``user_obj`` has from the
permissions of the groups they belong. Returns an empty set if the user
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
is not :meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
.. method:: get_all_permissions(user_obj, obj=None)
Returns the set of permission strings the ``user_obj`` has, including
both user permissions and groups permissions. Returns an empty set if
the user
:meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
Returns the set of permission strings the ``user_obj`` has, including both
user permissions and group permissions. Returns an empty set if the
user is not :meth:`active <django.contrib.auth.models.CustomUser.is_active>`.
.. method:: has_perm(user_obj, perm, obj=None)