I assigned a permission to a user in my Django 1.5 app. When I list all user permissions with
In [1]: user.get_all_permissions()
Out[1]: set([u'profile.change_profile'])
I can see one permission (which is correct and wanted). The user is also not a superuser, not an admin.
In [2]: user.is_superuser
Out[2]: False
However, if I try to use user.has_perm, I always get True as a return for any submitted permission request.
In [3]: user.has_perm('random_permission')
Out[3]: True
A behaviour I would expect if the user is a superuser/admin. Why is a non-superuser always getting True for every request? Did I miss any setting?
1 answer
#1
4
As mentioned in a comment by Thane Brimhall, you should check your authentication backends. You can find this comment on the has_perm method of the User model in the Django sources:
Returns True if the user has the specified permission. This method queries all available auth backends, but returns immediately if any backend returns True. Thus, a user who has permission from a single auth backend is assumed to have permission in general.
Also, don't forget to check user groups. The default backend checks user group permissions, so it may be connected.
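The backend check suggested in the answer above, as an added example that is not part of the original post or Django's own code: it probes each backend with a permission string that cannot exist and reports which backend still grants it. FakeUser, ModelLikeBackend and AllowAllBackend are constructed stand-ins, and the helper names are hypothetical.

```python
# Added example: find which auth backend answers True for a permission.
# FakeUser, ModelLikeBackend and AllowAllBackend are constructed stand-ins,
# not Django classes; the helpers only rely on a has_perm() method.

class FakeUser(object):
    """Constructed non-superuser with one assigned permission."""
    is_active = True
    is_superuser = False
    perms = {"profile.change_profile"}


class ModelLikeBackend(object):
    """Grants only permissions actually assigned to the user."""
    def has_perm(self, user, perm, obj=None):
        return user.is_active and perm in user.perms


class AllowAllBackend(object):
    """Misconfigured backend: says yes to every permission string."""
    def has_perm(self, user, perm, obj=None):
        return True


def has_perm_any_backend(backends, user, perm):
    """Apply the quoted rule: the first backend returning True wins."""
    for backend in backends:
        if hasattr(backend, "has_perm") and backend.has_perm(user, perm):
            return True
    return False


def granting_backends(backends, user, perm):
    """Return the class name of every backend that grants `perm`."""
    return [type(b).__name__ for b in backends
            if hasattr(b, "has_perm") and b.has_perm(user, perm)]


def overly_permissive(backends, user, probe="no_such_app.no_such_perm"):
    """A backend that grants a nonexistent permission grants everything."""
    return granting_backends(backends, user, probe)


if __name__ == "__main__":
    user = FakeUser()
    configured = [ModelLikeBackend(), AllowAllBackend()]
    print(has_perm_any_backend(configured, user, "random_permission"))
    print(overly_permissive(configured, user))
```

In a Django shell, the same helpers can be given the result of `django.contrib.auth.get_backends()` and the real user object in place of the stand-ins.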