Seems like maybe it would be more helpful if has_perm logged a note about the permission not existing (probably only in debug), rather than just returning False. In fact, I'd argue it should still return True -- if the permission did exist, the superuser would have it. And there's a backwards-compatibility argument. Think of superusers more as "permissions don't apply to me" than "I have all permissions".
Dan On Sunday, September 24, 2017 at 10:56:40 AM UTC-4, moshe nahmias wrote: > > Hi, > I am a python developer and like to use Django for web development. > Since I like the framework I want to contribute back, so I looked at the > open tickets to find something I can start with contributing and found > ticket 28588. > > This ticket is about when checking if the user has permission for some > action if the user is super user he/she gets it all the time, even when the > permission doesn't exist, and this is not developer friendly because the > developer can mistakenly think that everything is fine even when the > permission doesn't exist. > > As I understand (and correct me if I'm wrong) there should be a discussion > about if we want to do this. > > If accepted I would like to do this, I think it's an easy enough change > for a new contributor like me. > > As I understand the ticket the problem is that a developer gets confused > on this behaviour (and it's illogical) that the super user is having a > permission that doesn't exist. > > What do you think? (I think I will discuss my solution or optional > solutions after we decide if we want to change this behaviour) > > [1] https://code.djangoproject.com/ticket/28588 > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/d0430a0f-04d9-484d-b888-bddf6f53ff95%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
