Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  closed
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:  wontfix
 Keywords:  auth,| Triage Stage:
  django.contrib.auth,   |  Unreviewed
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Carlton Gibson):

 * stage:  Accepted => Unreviewed


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.e3a9dfb12318722b6e2d911364c77d0e%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  closed
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:  wontfix
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Carlton Gibson):

 * status:  assigned => closed
 * resolution:   => wontfix


Comment:

 Given the difficulties here (and on the PR) let's move this to wontfix —
 pending an acceptable solution, it doesn't look feasible. Thanks all.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.740f2d2ab23a80535282aaa3056c66b0%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Florian Apolloner):

 * cc: Florian Apolloner (added)


Comment:

 > And what if there are no more kwargs and has_perm gets and forwards to
 the backends simply the request as context?

 That would work, but would add strong coupling to the request cycle, which
 is imo rather ugly. And yes, we already have it for `authenticate` but I
 still don't like it -- although it might be the better option in that
 regard :/ And even if we were to do that, we'd need to adjust
 https://github.com/django/django/blob/master/django/contrib/auth/decorators.py
 otherwise you'd probably get the request passed in 10% of the cases.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.b5a2da58158f9ac47c9780fa3e9c233a%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Matteo Parrucci):

 Replying to [comment:9 Florian Apolloner]:
 > But how would a 3rd party application that uses `has_perm` know which
 `**kwargs` to pass in? This is all nice and well if you control the code,
 but as soon as 3rd party apps (like the admin, even though  there you can
 probably manually override the check) come into play you no longer get
 anything passed. What would you fall back to then?

 Ok, you are right on this, I was thinking it with a project-wide scope but
 thinking it in the reusable apps scope it makes no sense.

 > What we really need would be to pass in some context (or make available)
 that can be populate from elsewhere (maybe already from a middleware). But
 to pass that down to the auth backends we would most likely need to use
 thread locals :/

 And what if there are no more kwargs and has_perm gets and forwards to the
 backends simply the request as context?

 - It would be more than enough to check the active site
 - Could be populated through middlewares in case we need something else.
 - In the admin and in the  views that uses permissionmixin we always have
 the request to pass to has_perm

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.30c544568dfc83b582d1784265fd3641%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Florian Apolloner):

 > Adding `**kwargs` to has_perm and has_perms signatures would allow
 greater flexibility for the custom authentication backends leaving intact
 what we have now.

 But how would a 3rd party application that uses `has_perm` know which
 `**kwargs` to pass in? This is all nice and well if you control the code,
 but as soon as 3rd party apps (like the admin, even though  there you can
 probably manually override the check) come into play you no longer get
 anything passed. What would you fall back to then?

 What we really need would be to pass in some context (or make available)
 that can be populate from elsewhere (maybe already from a middleware). But
 to pass that down to the auth backends we would most likely need to use
 thread locals :/

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.671955028e6dcf71091b7dc1184141c2%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  Matteo
 |  Parrucci
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Jacob Walls):

 * owner:  (none) => Matteo Parrucci


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.aaa273e2e58e00254bf13687ce572827%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  (none)
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Jacob Walls):

 * has_patch:  0 => 1
 * needs_tests:  0 => 1


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.792943869b1ada6fff841aa4556070a2%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  (none)
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Matteo Parrucci):

 Here it is the pull request:

 https://github.com/django/django/pull/13785

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.3ff5c9139c0bd4080cad01b11b52c64a%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  (none)
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:  Accepted
  django.contrib.auth,   |
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Carlton Gibson):

 * stage:  Unreviewed => Accepted


Comment:

 Hey Matteo — could you put the proposed change into a PR so we can see the
 diff? Essentially, if it's not a breaking change then OK, otherwise it's
 difficult — much easier to see that in a PR. Thanks.

 Seems reasonable from the description. I'll provisionally Accept on that
 basis. (Can't immediately see how adding `**kwargs` would be breaking
 change so …)

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.422e38584ec1e23957677eaf0eec1dd5%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  (none)
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:
  django.contrib.auth,   |  Unreviewed
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by keshav pareek):

 * owner:  keshav pareek => (none)


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.ceb73a9d00927fbb01d02f81f3fdd354%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  keshav
 |  pareek
 Type:  New feature  |   Status:  assigned
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:
  django.contrib.auth,   |  Unreviewed
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by keshav pareek):

 * owner:  nobody => keshav pareek
 * status:  new => assigned


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.b33a7275e8427cfa19970b7b04cec877%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  nobody
 Type:  New feature  |   Status:  new
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:
  django.contrib.auth,   |  Unreviewed
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Matteo Parrucci):

 I've implemented it in a demo project and it now looks like this:

 Into django.contrib.auth.models.AbstractUser
 {{{
 def has_perm(self, perm, obj=None, **kwargs):
 return _user_has_perm(self, perm, obj=obj, **kwargs)

 def has_perms(self, perm_list, obj=None, **kwargs):
 return all(self.has_perm(perm, obj, **kwargs) for perm in
 perm_list)
 }}}

 In the same module the checking permission function:

 {{{
 def _user_has_perm(user, perm, obj, **kwargs):
 """
 A backend can raise `PermissionDenied` to short-circuit permission
 checking.
 """
 for backend in get_backends():
 if not hasattr(backend, 'has_perm'):
 continue
 try:
 if backend.has_perm(user, perm, obj, **kwargs):
 return True
 except PermissionDenied:
 return False
 return False
 }}}

 And it works  for me now. It is a small change and I think it could be
 useful for others too. Basically I only added **kwargs to the signatures
 and forwarded it to the auth backends.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.963be8d5d012c81883e0a3f75e452bb9%40djangoproject.com.

Re: [Django] #32255: User.has_perm should forward **kwargs to allow more flexibility in authentication backends (was: User.has_perm should forward *args and **kwargs to allow more flexibility in authe

[Django]

#32255: User.has_perm should forward **kwargs to allow more flexibility in
authentication backends
-+-
 Reporter:  Matteo Parrucci  |Owner:  nobody
 Type:  New feature  |   Status:  new
Component:  contrib.auth |  Version:  3.1
 Severity:  Normal   |   Resolution:
 Keywords:  auth,| Triage Stage:
  django.contrib.auth,   |  Unreviewed
  authentication, request,   |
  has_perm, has_perms, sites,|
  django.contrib.sites   |
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Description changed by Matteo Parrucci:

Old description:

> **The situation**
> I would like to check user permission based on the django.contrib.sites
> I'm in. To get the active site, django.contrib.sites needs the request so
> he can match the hostname. I'm using django-rules at the moment but It's
> quite generic.
>
> **The Problem**
> Not having the request in has_perm/has_perms I cannot check permissions
> based on the currently active site
> The "call stack" detail is here: https://github.com/dfunckt/django-
> rules/issues/130
>
> **A possible solution**
> Adding *args and  ^^*^^*kwargs to has_perm and has_perms signatures would
> allow greater flexibility for the custom authentication backends leaving
> intact what we have now. In my case, for example, I could check
> permission in my django-rules predicates having the the request passed in
> and check if I have rights for the current site, but I think my case is
> quite limited and all new authentication backends would benefit from this
> change.

New description:

 **The situation**
 I would like to check user permission based on the django.contrib.sites
 I'm in. To get the active site, django.contrib.sites needs the request so
 he can match the hostname. I'm using django-rules at the moment but It's
 quite generic.

 **The Problem**
 Not having the request in has_perm/has_perms I cannot check permissions
 based on the currently active site
 The "call stack" detail is here: https://github.com/dfunckt/django-
 rules/issues/130

 **A possible solution**
 Adding  ^^*^^*kwargs to has_perm and has_perms signatures would allow
 greater flexibility for the custom authentication backends leaving intact
 what we have now. In my case, for example, I could check permission in my
 django-rules predicates having the the request passed in and check if I
 have rights for the current site, but I think my case is quite limited and
 all new authentication backends would benefit from this change.

--

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.342a3d7b3b6f75bbb00d324c513bd8c0%40djangoproject.com.