https://github.com/django/django/pull/7153/ implements
UserManager.with_perm() [1] as:
def with_perm(self, perm):
for backend in auth.get_backends():
if hasattr(backend, 'with_perm'):
return backend.with_perm(perm)
return self.get_queryset().none()
[1] "Shortcut to get users by permission":
https://code.djangoproject.com/ticket/18763
With this implementation, users of UserManager.with_perm() won't get
users with permissions for all backends. Also, result of
UserManager.with_perm() will depend on the order of
settings.AUTHENTICATION_BACKENDS. See also
https://code.djangoproject.com/ticket/18763#comment:9 for more
information about the current strategy.
I suggested an alternative approach at
https://github.com/django/django/pull/7153/files#r78226234 with the
following implementation:
def with_perm(self, perm, backend=None):
if backend is None:
backends = _get_backends(return_tuples=True)
if len(backends) != 1:
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument.'
)
_, backend = backends[0]
if hasattr(backend, 'with_perm'):
return backend.with_perm(perm)
else:
backend = load_backend(backend)
if hasattr(backend, 'with_perm'):
return backend.with_perm(perm)
return self.get_queryset().none()
This also simulates what django.contrib.auth.login() does when
multiple authentication backends are defined:
https://github.com/django/django/blob/18c72d59e0807dae75ac2c34890d08c1e0972d0a/django/contrib/auth/__init__.py#L100
Tim suggested to get some feedback about possible use cases:
"I'm not sure about the use cases. For example, someone might want to
get users with permissions for all backends. It would be nice if we
had some feedback about what users are implementing on their own to
confirm we're targeting the largest use case."
Is there any other possible use cases? Which one of the suggested
approaches cover the largest use case?
Thanks!
--Berker