subject:"\[Django\] #14249\: Inactive users have less permissions then anonymous users with custom backend"

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2011-02-12 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
--+-
   Reporter:  hvdklauw| Owner:  nobody   
 Status:  closed  | Milestone:  1.3  
  Component:  Authentication  |   Version:  1.3-alpha
 Resolution:  fixed   |  Keywords:   
   Triage Stage:  Accepted| Has patch:  1
Needs documentation:  0   |   Needs tests:  0
Patch needs improvement:  0   |  
--+-
Changes (by jezdez):

  * status:  reopened => closed
  * resolution:  => fixed


Comment:

 Closing after giving this a bit more thought.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2011-01-19 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  reopened| Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Accepted| Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Comment (by hvdklauw):

 What is being deprecated here?
 - The supports_inactive_user flag
 - Or the fact that we you can use backends without the flag in django?


 As I read the docs it is indeed a PendingDeprecation for 1.3
 a deprecation for 1.4
 and a removal of all the checks and everything for 1.5 (We now assume the
 backend supports inactive users)

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2011-01-14 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  reopened| Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Accepted| Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Comment (by SmileyChris):

 Er, this is what the changed documentation said, and is also the normal
 deprecation path isn't it?

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2011-01-14 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  reopened| Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Accepted| Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Changes (by jezdez):

  * status:  closed => reopened
  * resolution:  fixed =>

Comment:

 Changing this to a pendingdeprecation warning doesn't make sense here,
 since we are going to require to support inactive users in 1.5.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-12-15 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  new | Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Accepted| Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Changes (by jgelens):

 * cc: jgel...@gmail.com (added)

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-12-14 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  new | Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Accepted| Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Changes (by jezdez):

  * stage:  Design decision needed => Accepted

Comment:

 Accepting this based on the fact that if omitted this would make the auth
 backend inconsistent with regard to anonymous users.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-12-14 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody   
Status:  new | Milestone:  1.3  
 Component:  Authentication  |   Version:  1.3-alpha
Resolution:  |  Keywords:   
 Stage:  Design decision needed  | Has_patch:  1
Needs_docs:  0   |   Needs_tests:  0
Needs_better_patch:  0   |  
-+--
Changes (by anonymous):

  * version:  1.2 => 1.3-alpha

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-11-23 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody
Status:  new | Milestone:  1.3   
 Component:  Authentication  |   Version:  1.2   
Resolution:  |  Keywords:
 Stage:  Design decision needed  | Has_patch:  1 
Needs_docs:  0   |   Needs_tests:  0 
Needs_better_patch:  0   |  
-+--
Changes (by hvdklauw):

  * has_patch:  0 => 1

Comment:

 Think that's it.
 The in_active user permission system is a bit weird in that the
 get_all_permissions function does return the permissions for an inactive
 user.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-10-11 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody
Status:  new | Milestone:  1.3   
 Component:  Authentication  |   Version:  1.2   
Resolution:  |  Keywords:
 Stage:  Design decision needed  | Has_patch:  0 
Needs_docs:  0   |   Needs_tests:  0 
Needs_better_patch:  0   |  
-+--
Comment (by Alex):

 Seems to me we'd want to add a flag to Auth backends, like we did for
 anonymous and per-object permissions.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-09-10 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody
Status:  new | Milestone:  1.3   
 Component:  Authentication  |   Version:  1.2   
Resolution:  |  Keywords:
 Stage:  Design decision needed  | Has_patch:  0 
Needs_docs:  0   |   Needs_tests:  0 
Needs_better_patch:  0   |  
-+--
Comment (by hvdklauw):

 You're right. I overlooked that one.
 Also a superuser without permissions might be weird ;-)

 I guess we'll have to add another property to the backend as #12557 did to
 make sure if people update it get's checked.

 I'll see if I have time this week to write a patch.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-09-10 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody
Status:  new | Milestone:  1.3   
 Component:  Authentication  |   Version:  1.2   
Resolution:  |  Keywords:
 Stage:  Design decision needed  | Has_patch:  0 
Needs_docs:  0   |   Needs_tests:  0 
Needs_better_patch:  0   |  
-+--
Changes (by lukeplant):

  * stage:  Unreviewed => Design decision needed

Comment:

 I'm inclined to agree, but there is a security related backwards
 incompatibility: if someone has already implemented an auth backend, then
 this change will open up a hole where inactive users may get permissions,
 whereas before they had none.  That code will have to be updated to close
 the hole. So I'll mark design decision needed - please bring it up on
 django-devs.

 Thanks!

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-09-10 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
-+--
  Reporter:  hvdklauw| Owner:  nobody
Status:  new | Milestone:  1.3   
 Component:  Authentication  |   Version:  1.2   
Resolution:  |  Keywords:
 Stage:  Unreviewed  | Has_patch:  0 
Needs_docs:  0   |   Needs_tests:  0 
Needs_better_patch:  0   |  
-+--
Changes (by hvdklauw):

 * cc: hvdkl...@gmail.com (added)
  * needs_better_patch:  => 0
  * needs_tests:  => 0
  * needs_docs:  => 0

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

[Django] #14249: Inactive users have less permissions then anonymous users with custom backend

2010-09-10 Thread Django

#14249: Inactive users have less permissions then anonymous users with custom
backend
+---
 Reporter:  hvdklauw|   Owner:  nobody
   Status:  new |   Milestone:  1.3   
Component:  Authentication  | Version:  1.2   
 Keywords:  |   Stage:  Unreviewed
Has_patch:  0   |  
+---
 With the closing of Ticket #12557 a custom backend could specify anonymous
 user permissions.

 However now I have a system where an anonymous user has some permissions
 and a logged in inactive user (User.is_active == False) has no permissions
 at all.

 I suggest the checks for is_active and is_superuser get removed as a check
 from the User class itself and instead get moved to the default
 authentication backend.

 That way the default way keeps working the way it currently does, but it
 will allow developers to use those two properties as they see fit when
 they implement a custom backend.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

Re: [Django] #14249: Inactive users have less permissions then anonymous users with custom backend

[Django] #14249: Inactive users have less permissions then anonymous users with custom backend

13 matches

Site Navigation

Mail list logo

Footer information