Author: claudep Date: 2012-04-26 10:15:40 -0700 (Thu, 26 Apr 2012) New Revision: 17938
Modified: django/trunk/django/contrib/auth/__init__.py django/trunk/django/contrib/auth/backends.py django/trunk/django/contrib/auth/models.py django/trunk/django/contrib/auth/tests/__init__.py django/trunk/django/contrib/auth/tests/auth_backends.py django/trunk/docs/topics/auth.txt Log: Fixed #18038 -- Removed the 'supports_inactive_user' backwards-compatibility flag. Thanks Aymeric Augustin for the initial patch and Ramiro Morales for the review. Modified: django/trunk/django/contrib/auth/__init__.py =================================================================== --- django/trunk/django/contrib/auth/__init__.py 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/django/contrib/auth/__init__.py 2012-04-26 17:15:40 UTC (rev 17938) @@ -1,4 +1,3 @@ -from warnings import warn from django.core.exceptions import ImproperlyConfigured from django.utils.importlib import import_module from django.contrib.auth.signals import user_logged_in, user_logged_out @@ -20,11 +19,6 @@ cls = getattr(mod, attr) except AttributeError: raise ImproperlyConfigured('Module "%s" does not define a "%s" authentication backend' % (module, attr)) - - if not hasattr(cls, 'supports_inactive_user'): - warn("Authentication backends without a `supports_inactive_user` attribute are deprecated. Please define it in %s." % cls, - DeprecationWarning) - cls.supports_inactive_user = False return cls() def get_backends(): Modified: django/trunk/django/contrib/auth/backends.py =================================================================== --- django/trunk/django/contrib/auth/backends.py 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/django/contrib/auth/backends.py 2012-04-26 17:15:40 UTC (rev 17938) @@ -5,7 +5,6 @@ """ Authenticates against django.contrib.auth.models.User. """ - supports_inactive_user = True # TODO: Model, login attribute name and password attribute name should be # configurable. Modified: django/trunk/django/contrib/auth/models.py =================================================================== --- django/trunk/django/contrib/auth/models.py 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/django/contrib/auth/models.py 2012-04-26 17:15:40 UTC (rev 17938) @@ -200,14 +200,13 @@ anon = user.is_anonymous() active = user.is_active for backend in auth.get_backends(): - if anon or active or backend.supports_inactive_user: - if hasattr(backend, "has_perm"): - if obj is not None: - if backend.has_perm(user, perm, obj): - return True - else: - if backend.has_perm(user, perm): - return True + if hasattr(backend, "has_perm"): + if obj is not None: + if backend.has_perm(user, perm, obj): + return True + else: + if backend.has_perm(user, perm): + return True return False @@ -215,10 +214,9 @@ anon = user.is_anonymous() active = user.is_active for backend in auth.get_backends(): - if anon or active or backend.supports_inactive_user: - if hasattr(backend, "has_module_perms"): - if backend.has_module_perms(user, app_label): - return True + if hasattr(backend, "has_module_perms"): + if backend.has_module_perms(user, app_label): + return True return False Modified: django/trunk/django/contrib/auth/tests/__init__.py =================================================================== --- django/trunk/django/contrib/auth/tests/__init__.py 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/django/contrib/auth/tests/__init__.py 2012-04-26 17:15:40 UTC (rev 17938) @@ -1,6 +1,6 @@ from django.contrib.auth.tests.auth_backends import (BackendTest, RowlevelBackendTest, AnonymousUserBackendTest, NoBackendsTest, - InActiveUserBackendTest, NoInActiveUserBackendTest) + InActiveUserBackendTest) from django.contrib.auth.tests.basic import BasicTestCase from django.contrib.auth.tests.context_processors import AuthContextProcessorTests from django.contrib.auth.tests.decorators import LoginRequiredTestCase Modified: django/trunk/django/contrib/auth/tests/auth_backends.py =================================================================== --- django/trunk/django/contrib/auth/tests/auth_backends.py 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/django/contrib/auth/tests/auth_backends.py 2012-04-26 17:15:40 UTC (rev 17938) @@ -104,12 +104,6 @@ class SimpleRowlevelBackend(object): - supports_inactive_user = False - - # This class also supports tests for anonymous user permissions, and - # inactive user permissions via subclasses which just set the - # 'supports_anonymous_user' or 'supports_inactive_user' attribute. - def has_perm(self, user, perm, obj=None): if not obj: return # We only support row level perms @@ -196,16 +190,12 @@ self.assertEqual(self.user3.get_group_permissions(TestObj()), set(['group_perm'])) -class AnonymousUserBackend(SimpleRowlevelBackend): - supports_inactive_user = False - - class AnonymousUserBackendTest(TestCase): """ Tests for AnonymousUser delegating to backend. """ - backend = 'django.contrib.auth.tests.auth_backends.AnonymousUserBackend' + backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' def setUp(self): self.curr_auth = settings.AUTHENTICATION_BACKENDS @@ -243,21 +233,12 @@ self.assertRaises(ImproperlyConfigured, self.user.has_perm, ('perm', TestObj(),)) -class InActiveUserBackend(SimpleRowlevelBackend): - supports_inactive_user = True - - -class NoInActiveUserBackend(SimpleRowlevelBackend): - supports_inactive_user = False - - class InActiveUserBackendTest(TestCase): """ - Tests for a inactive user delegating to backend if it has 'supports_inactive_user' = True + Tests for a inactive user """ + backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend' - backend = 'django.contrib.auth.tests.auth_backends.InActiveUserBackend' - def setUp(self): self.curr_auth = settings.AUTHENTICATION_BACKENDS settings.AUTHENTICATION_BACKENDS = (self.backend,) @@ -275,29 +256,3 @@ def test_has_module_perms(self): self.assertEqual(self.user1.has_module_perms("app1"), False) self.assertEqual(self.user1.has_module_perms("app2"), False) - - -class NoInActiveUserBackendTest(TestCase): - """ - Tests that an inactive user does not delegate to backend if it has 'supports_inactive_user' = False - """ - backend = 'django.contrib.auth.tests.auth_backends.NoInActiveUserBackend' - - def setUp(self): - self.curr_auth = settings.AUTHENTICATION_BACKENDS - settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,) - self.user1 = User.objects.create_user('test', 't...@example.com', 'test') - self.user1.is_active = False - self.user1.save() - - def tearDown(self): - settings.AUTHENTICATION_BACKENDS = self.curr_auth - - def test_has_perm(self): - self.assertEqual(self.user1.has_perm('perm', TestObj()), False) - self.assertEqual(self.user1.has_perm('inactive', TestObj()), False) - - def test_has_module_perms(self): - self.assertEqual(self.user1.has_module_perms("app1"), False) - self.assertEqual(self.user1.has_module_perms("app2"), False) - Modified: django/trunk/docs/topics/auth.txt =================================================================== --- django/trunk/docs/topics/auth.txt 2012-04-25 19:17:47 UTC (rev 17937) +++ django/trunk/docs/topics/auth.txt 2012-04-26 17:15:40 UTC (rev 17938) @@ -1831,8 +1831,6 @@ ADMIN_PASSWORD = 'sha1$4e987$afbcf42e21bd417fb71db8c66b321e9fc33051de' """ - supports_inactive_user = False - def authenticate(self, username=None, password=None): login_valid = (settings.ADMIN_LOGIN == username) pwd_valid = check_password(password, settings.ADMIN_PASSWORD) @@ -1931,17 +1929,10 @@ anonymous users to have permissions to do something while inactive authenticated users do not. -To enable this on your own backend, you must set the class attribute -``supports_inactive_user`` to ``True``. +Do not forget to test for the ``is_active`` attribute of the user in your own +backend permission methods. -A nonexisting ``supports_inactive_user`` attribute will raise a -``PendingDeprecationWarning`` if used in Django 1.3. In Django 1.4, this -warning will be updated to a ``DeprecationWarning`` which will be displayed -loudly. Additionally ``supports_inactive_user`` will be set to ``False``. -Django 1.5 will assume that every backend supports inactive users being -passed to the authorization methods. - Handling object permissions --------------------------- -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.