Just yesterday I bumped into an issue that left me puzzled for a while, and I want to verify if this is indeed the case before opening a bug ticket.
The
documentation states the we can use either the
{{ perms.my_app.update_obj }} tag to display the result of a check for a specific permission "update_obj" within the my_app module/app, or the
{{ perms.my_app }} tag to display the result of a check if the user has any permissions in the my_app module/app. Yet, when using the second variant, I suddenly had the whole permission set of the user dumped to the page. This is quite obvious when looking at the contrib\auth\context_processors.py code: when doing a
{% if "my_app" in perms %} check it will land into the
__contains__ method of PermWrapper while for an output such as
{{ perms.my_app }}, it will land into the
__getitem__ method that returns a PermLookupDict, in turn triggering the
__repr__ method when displayed: