[Django] #26514: User.refresh_from_db() does not clear Permission cache.
Django
------------------------------+--------------------
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 1 | UI/UX: 0
------------------------------+--------------------
User.refresh_from_db() does not clear the Permission cache.
`ModelBackend` implements a cache for the Permission. This cache is not
cleared or rebuild when calling `refresh_from_db()`.
I find this very confusing and somewhat unexpected behavior. This should
ether be documented or better the cache gets flushed when
`refresh_from_db()` is called.
--
Ticket URL: <https://code.djangoproject.com/ticket/26514>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by timgraham):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
The
[https://docs.djangoproject.com/en/stable/ref/models/instances/#django.db.models.Model.refresh_from_db
refresh_from_db()] documentation says, "Note that only fields of the model
are reloaded from the database. Other database dependent values such as
annotations are not reloaded."
I don't find this unclear, but perhaps you'd like to suggest some
clarification?
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:1>
Django
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by codingjoe):
I think the `refresh_from_db` documentation is fine. It's the permissions
cache that could be better documented and maybe even extended.
It is somewhat unexpected, that you can `add` or `set`
`User.user_permissions` but that this will have no effect unless you
allocate a new instance of `User`.
Strictly speaking an m2m relationship is called a "field" in Django, or is
it not? Since the permissions are depended on such a relation, I naturally
presumed the permissions cache would be covered.
It would be a good thing to have a public API to clear the permissions
cache. As a plus it would be great if the cache handles invalidation
itself.
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:2>
Django
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by timgraham):
The `ModelBackend` cache
[https://docs.djangoproject.com/en/stable/topics/auth/default/#permission-
caching is documented]. I suppose it wouldn't hurt to add a sentence there
like "`refresh_from_db()` won't clear this cache."
The value of `user_permissions` isn't actually cached. The cache is stored
in a private attribute `user._per_cache`. I'm weary of heading down the
road of adding custom `refresh_from_db()` methods to all models that have
similar behavior.
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:3>
Django
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by codingjoe):
Maybe it's only me. So a line more of documentation seems to be good
enough.
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:4>
Django
Reporter: codingjoe | Owner: nobody
Type: Bug | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"2c4c67af94318b15df7d9d37b936e07e8168bc73" 2c4c67af]:
{{{
#!CommitTicketReference repository=""
revision="2c4c67af94318b15df7d9d37b936e07e8168bc73"
Fixed #26514 -- Documented that User.refresh_from_db() doesn't clear the
permission cache.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:5>
Django
Reporter: codingjoe | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Changes (by timgraham):
* type: Bug => Cleanup/optimization
* component: contrib.auth => Documentation
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:6>
Django
Reporter: codingjoe | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"12606d2b99dbfe7d0a8f51818e81a29ea2472943" 12606d2]:
{{{
#!CommitTicketReference repository=""
revision="12606d2b99dbfe7d0a8f51818e81a29ea2472943"
[1.9.x] Fixed #26514 -- Documented that User.refresh_from_db() doesn't
clear the permission cache.
Backport of 2c4c67af94318b15df7d9d37b936e07e8168bc73 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:7>
Django
Reporter: codingjoe | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 1 | UI/UX: 0
Comment (by codingjoe):
Thanks :)
--
Ticket URL: <https://code.djangoproject.com/ticket/26514#comment:8>