Fixed #7599 -- Added get_user_permissions to ModelBackend.

Thanks to @gdub for the report and intial patch and @charettes and @timgraham for the review.
2025-08-04 02:48:35 +00:00 · 2013-12-30 08:37:27 +01:00 · 2013-12-30 08:37:27 +01:00 · cc35bd461d
commit cc35bd461d
parent 504c89e800
2 changed files with 81 additions and 10 deletions
--- a/docs/ref/contrib/auth.txt
+++ b/docs/ref/contrib/auth.txt
@ -425,6 +425,54 @@ The following backends are available in :mod:`django.contrib.auth.backends`:
    :class:`~django.contrib.auth.models.User` and
    :class:`~django.contrib.auth.models.PermissionsMixin`.

+    :meth:`has_perm`, :meth:`get_all_permissions`, :meth:`get_user_permissions`,
+    and :meth:`get_group_permissions` allow an object to be passed as a
+    parameter for object-specific permissions, but this backend does not
+    implement them other than returning an empty set of permissions if
+    ``obj is not None``.
+
+    .. method:: authenticate(username=None, password=None, **kwargs)
+
+        Tries to authenticate ``username`` with ``password`` by calling
+        :meth:`User.check_password
+        <django.contrib.auth.models.User.check_password>`. If no ``username``
+        is provided, it tries to fetch a username from ``kwargs`` using the
+        key :attr:`CustomUser.USERNAME_FIELD
+        <django.contrib.auth.models.CustomUser.USERNAME_FIELD>`. Returns an
+        authenticated user or ``None``.
+
+    .. method:: get_user_permissions(user_obj, obj=None)
+
+        .. versionadded:: 1.8
+
+        Returns the set of permission strings the ``user_obj`` has from their
+        own user permissions. Returns an empty set if the user
+        :meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
+
+    .. method:: get_group_permissions(user_obj, obj=None)
+
+        Returns the set of permission strings the ``user_obj`` has from the
+        permissions of the groups they belong. Returns an empty set if the user
+        :meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
+
+    .. method:: get_all_permissions(user_obj, obj=None)
+
+        Returns the set of permission strings the ``user_obj`` has, including
+        both user permissions and groups permissions. Returns an empty set if
+        the user
+        :meth:`~django.contrib.auth.models.AbstractBaseUser.is_anonymous`.
+
+    .. method:: has_perm(user_obj, perm, obj=None)
+
+        Uses :meth:`get_all_permissions` to check if ``user_obj`` has the
+        permission string ``perm``. Returns ``False`` if the user is not
+        :meth:`~django.contrib.auth.models.CustomUser.is_active`.
+
+    .. method:: has_module_perms(self, user_obj, app_label)
+
+        Returns whether the ``user_obj`` has any permissions on the app
+        ``app_label``.
+
 .. class:: RemoteUserBackend

    Use this backend to take advantage of external-to-Django-handled