[Django] #28131: Template variable "perms" single-attribute lookup does not work as expected

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as expected
-------------------------------------------+------------------------
Reporter: Meiyer | Owner: nobody
Type: Bug | Status: new
Component: Template system | Version: 1.8
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
The
[https://docs.djangoproject.com/en/1.11/topics/auth/default/#permissions
documentation] states that the template variable `perms` may be used with
single-attribute lookup `{{ perms.foo }}` to check for module-level
permissions, proxying to `User.has_module_perms`.
This is not the case in reality. Using single-attribute lookup causes the
tag to output all permissions the user has in the module `foo`, as text.

This is caused by `django.contrib.auth.context_processors.PermWrapper`’s
method
{{{#!python
def __getitem__(self, app_label):
return PermLookupDict(self.user, app_label)
}}}
which in turn invokes the `PermLookupDict`’s method
{{{#!python
def __repr__(self):
return str(self.user.get_all_permissions())
}}}

The behaviour is different from the `{{ "foo" in perms }}` construct,
which resolves to `PermWrapper`’s `__contains__` that correctly casts the
operation to a boolean, causing the `PermLookupDict`’s method
{{{#!python
def __bool__(self):
return self.user.has_module_perms(self.app_label)
}}}
to be used instead.

This issue goes back to at least version 1.6 and forward through all
versions up to 1.11 (and apparently the single-attribute lookup feature is
not used by anyone because this issue went unreported for at least four
years).

--
Ticket URL: <https://code.djangoproject.com/ticket/28131>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+------------------------------------

Reporter: Meiyer | Owner: nobody
Type: Bug | Status: new

Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+------------------------------------
Changes (by Tim Graham):

* component: Template system => Documentation
* stage: Unreviewed => Accepted

Comment:

I confirmed the same behavior as far back as Django 1.4. From a quick
glance, I don't see a way to change the code to conform to the
documentation, so I think it's best to correct the docs based on the
current behavior.

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:1>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+------------------------------------

Reporter: Meiyer | Owner: nobody
Type: Bug | Status: new

Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+------------------------------------

Comment (by Simon Charette):

Tim, I think the confusion here is that `{{ perms.foo }}` should be
checked against with a conditional statement (e.g. `{% if perms.foo %}`)
to work.

The behavior reported here is expected, trying to use `{{ boolean_var }}`
won't perform any check by itself and result in `bool.__repr__` just like
`{{ perms.foo }}` results in `PermLookupDict.__repr__`.

I think the documentation is just a bit misleading and should be using `{%
if perms.foo %}` to exemplify its usage.

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:2>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------------+-------------------------------------
Reporter: Meiyer | Owner: brian
| houston morrow
Type: Bug | Status: assigned

Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by brian houston morrow):

* status: new => assigned
* owner: nobody => brian houston morrow

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:3>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+----------------------------------------
Reporter: Meiyer | Owner: Botond Béres

Type: Bug | Status: assigned
Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+----------------------------------------
Changes (by Botond Béres):

* owner: brian houston morrow => Botond Béres

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:4>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+----------------------------------------
Reporter: Meiyer | Owner: Botond Béres
Type: Bug | Status: assigned
Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+----------------------------------------
Changes (by Botond Béres):

* has_patch: 0 => 1

Comment:

Added a [https://github.com/django/django/pull/9297 PR] where I've tried
to replace and rephrase the incorrect/misleading examples.

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:5>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+----------------------------------------
Reporter: Meiyer | Owner: Botond Béres

Type: Bug | Status: closed
Component: Documentation | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+----------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed

Comment:

In [changeset:"51d7feff872e74d5a53479f62163d5e0024b00ed" 51d7feff]:
{{{
#!CommitTicketReference repository=""
revision="51d7feff872e74d5a53479f62163d5e0024b00ed"
Fixed #28131 -- Corrected examples of using attribute lookups on the
"perms" template variable.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:6>

[Django]

#28131: Template variable "perms" single-attribute lookup does not work as

documented
-------------------------------+----------------------------------------
Reporter: Meiyer | Owner: Botond Béres
Type: Bug | Status: closed
Component: Documentation | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+----------------------------------------

Comment (by Tim Graham <timograham@…>):

In [changeset:"41009788a0a73d7a33e102efc5d10208f5174964" 41009788]:
{{{
#!CommitTicketReference repository=""
revision="41009788a0a73d7a33e102efc5d10208f5174964"
[2.0.x] Fixed #28131 -- Corrected examples of using attribute lookups on
the "perms" template variable.

Backport of 51d7feff872e74d5a53479f62163d5e0024b00ed from master
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28131#comment:7>