[Django] #20834: User objects Cache permissions data
Django
-------------------------------+--------------------
Reporter: Giggaflop | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version:
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Could it be mentioned on the
[https://docs.djangoproject.com/en/1.3/topics/auth/#methods API Methods]
for Django authentication that it may be required that the User object is
reobtained if dynamically adding permissions. This is due to them being
cached by Django.
This was not made clear by the documentation and has wasted considerable
amount of time tracking down until i hit upon this
[http://stackoverflow.com/questions/10102918/cant-change-user-permissions-
during-unittest-in-django Stack Overflow].
--
Ticket URL: <https://code.djangoproject.com/ticket/20834>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Giggaflop | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by anonymous):
* needs_docs: => 0
* type: Uncategorized => New feature
* needs_tests: => 0
* needs_better_patch: => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:1>
Django
-------------------------------+------------------------------------
Reporter: Giggaflop | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timo):
* stage: Unreviewed => Accepted
Comment:
Yes, this seems like a good thing to mention. Do you think you could write
up a patch or simply some text about what you would say?
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:2>
Django
-------------------------------+------------------------------------
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Giggaflop):
I would do something along the lines of.
It may be required that the User object is reobtained if dynamically
adding permissions. This is due to them being cached by Django.
{{{
def user_gains_perms(request, user_id):
user = get_object_or_404(pk=user_id)
permission = Permission.objects.get(codename="all_the_things")
user.user_permissions.add(permission)
# Note the user object has not gained the permission
user.has_perms('all_the_things') # False
# Request new instance of User
user = get_object_or_404(pk=user_id)
# Now note how the permissions have been updated
user.has_perms('all_the_things') # True
return HttpResponseRedirect(reverse('index'))
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:3>
Django
Reporter: Giggaflop | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by EvilDMP):
* keywords: => afraid-to-commit
* cc: EvilDMP (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:4>
Django
----------------------------------+------------------------------------
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by EvilDMP):
I've marked this ticket as especially suitable for first-time committers
or people following the [http://dont-be-afraid-to-commit.readthedocs.org/
Don't be afraid to commit] tutorial. If you're tackling this ticket,
please don't hesitate to ask me for guidance if you'd like any, either
here or on the Django IRC channels, where I can be found as ''EvilDMP''.
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:5>
Django
----------------------------------+------------------------------------
Type: New feature | Status: new
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Jennifer):
I notice that the documentation referred to in the original report is
for django 1.3 here is the link for the latest documentation version:
https://docs.djangoproject.com/en/dev/ref/contrib/auth/#methods
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:6>
Django
----------------------------------+------------------------------------
Type: New feature | Status: assigned
Component: Documentation | Version:
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Jennifer):
* owner: nobody => Jennifer
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:7>
Django
----------------------------------+------------------------------------
Reporter: Giggaflop | Owner: Jennifer
Type: New feature | Status: assigned
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Jennifer):
I have made pull request for review
https://github.com/django/django/pull/1754
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:8>
Django
----------------------------------+------------------------------------
Reporter: Giggaflop | Owner: Jennifer
Type: New feature | Status: assigned
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by timo):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
Comment:
I left some comments for improvement on the pull request.
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:9>
Django
----------------------------------+------------------------------------
Reporter: Giggaflop | Owner: Jennifer
Type: New feature | Status: assigned
Severity: Normal | Resolution:
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timo):
* needs_better_patch: 1 => 0
Comment:
Here's a [https://github.com/django/django/pull/2179 PR] for review.
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:10>
Django
----------------------------------+------------------------------------
Reporter: Giggaflop | Owner: Jennifer
Component: Documentation | Version:
Severity: Normal | Resolution: fixed
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"5f9790072d52443aff9a0e04f1552f1e29489521"]:
{{{
#!CommitTicketReference repository=""
revision="5f9790072d52443aff9a0e04f1552f1e29489521"
Fixed #20834 -- Described how caching of user permissions works.
Thanks Giggaflop and Jennifer Casavantes.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:11>
Django
----------------------------------+------------------------------------
Reporter: Giggaflop | Owner: Jennifer
Type: New feature | Status: closed
Severity: Normal | Resolution: fixed
Keywords: afraid-to-commit | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"8eca53f0bef783e5c11877fe18a6651543605af1"]:
{{{
#!CommitTicketReference repository=""
revision="8eca53f0bef783e5c11877fe18a6651543605af1"
[1.6.x] Fixed #20834 -- Described how caching of user permissions works.
Thanks Giggaflop and Jennifer Casavantes.
Backport of 5f9790072d from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/20834#comment:12>