[Django] #33269: Raise an error if a string is passed into has_perms() instead of a list


Django

Nov 5, 2021, 6:56:57 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-----------------------------------------+------------------------
Reporter: lieryan | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
A colleague made this error recently doing a user.has_perms("foobar")
instead of the correct user.has_perms(["foobar"]) or
user.has_perm("foobar"). The code initially appeared to work fine since in
Python, str is an iterable that returned individual characters as string
when iterated over.

We checked for str in particular rather than enforcing it to be a list,
since perm_list may actually be tuple, set, generators, or other
iterables.

An alternative way this could be fixed is to just silently behave like
has_perm() if perm_list is actually a string rather than raising an error,
but that'll probably enforce a bad habit.

--
Ticket URL: <https://code.djangoproject.com/ticket/33269>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Nov 5, 2021, 6:57:58 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------+--------------------------------------
Reporter: lieryan | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by lieryan:

Old description:

> A colleague made this error recently doing a user.has_perms("foobar")
> instead of the correct user.has_perms(["foobar"]) or
> user.has_perm("foobar"). The code initially appeared to work fine since
> in Python, str is an iterable that returned individual characters as
> string when iterated over.
>
> We checked for str in particular rather than enforcing it to be a list,
> since perm_list may actually be tuple, set, generators, or other
> iterables.
>
> An alternative way this could be fixed is to just silently behave like
> has_perm() if perm_list is actually a string rather than raising an
> error, but that'll probably enforce a bad habit.

New description:

A colleague made this error recently doing a user.has_perms("foobar")
instead of the correct user.has_perms(["foobar"]) or
user.has_perm("foobar"). The code initially appeared to work fine since in
Python, str is an iterable that returned individual characters as string
when iterated over.

We checked for str in particular rather than enforcing it to be a list,
since perm_list may actually be tuple, set, generators, or other
iterables.

An alternative way this could be fixed is to just silently behave like
has_perm() if perm_list is actually a string rather than raising an error,
but that'll probably enforce a bad habit.

Pull request in [#14969](https://github.com/django/django/pull/14969).

--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:1>

Django

Nov 5, 2021, 6:59:22 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------+--------------------------------------
Reporter: lieryan | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by lieryan:

Old description:

> A colleague made this error recently doing a user.has_perms("foobar")
> instead of the correct user.has_perms(["foobar"]) or
> user.has_perm("foobar"). The code initially appeared to work fine since
> in Python, str is an iterable that returned individual characters as
> string when iterated over.
>
> We checked for str in particular rather than enforcing it to be a list,
> since perm_list may actually be tuple, set, generators, or other
> iterables.
>
> An alternative way this could be fixed is to just silently behave like
> has_perm() if perm_list is actually a string rather than raising an
> error, but that'll probably enforce a bad habit.
>
> Pull request in [#14969](https://github.com/django/django/pull/14969).

New description:

A colleague made this error recently doing a user.has_perms("foobar")
instead of the correct user.has_perms(["foobar"]) or
user.has_perm("foobar"). The code initially appeared to work fine since in
Python, str is an iterable that returned individual characters as string
when iterated over.

We checked for str in particular rather than enforcing it to be a list,
since perm_list may actually be tuple, set, generators, or other
iterables.

An alternative way this could be fixed is to just silently behave like
has_perm() if perm_list is actually a string rather than raising an error,
but that'll probably enforce a bad habit.

Pull request in Github (https://github.com/django/django/pull/14969).

--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:2>

Django

Nov 5, 2021, 7:02:02 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------+--------------------------------------
Reporter: lieryan | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by lieryan:

Old description:

> A colleague made this error recently doing a user.has_perms("foobar")
> instead of the correct user.has_perms(["foobar"]) or
> user.has_perm("foobar"). The code initially appeared to work fine since
> in Python, str is an iterable that returned individual characters as
> string when iterated over.
>
> We checked for str in particular rather than enforcing it to be a list,
> since perm_list may actually be tuple, set, generators, or other
> iterables.
>
> An alternative way this could be fixed is to just silently behave like
> has_perm() if perm_list is actually a string rather than raising an
> error, but that'll probably enforce a bad habit.
>

New description:

A colleague made this error recently doing a `user.has_perms("foobar")`
instead of the correct `user.has_perms(["foobar"])` or
`user.has_perm("foobar")`. The code initially appeared to work fine since
in Python, `str` is an iterable that returned individual characters as
string when iterated over.

We checked for `str` in particular rather than enforcing it to be a
`list`, since `perm_list` may actually be tuple, set, generators, or other
iterables.

An alternative way this could be fixed is to just silently behave like
`has_perm()` if `perm_list` is actually a string rather than raising an
error, but that'll probably enforce a bad habit.

Pull request in Github (https://github.com/django/django/pull/14969).

--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:3>

Django

Nov 5, 2021, 7:02:46 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------+--------------------------------------
Reporter: lieryan | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by lieryan):

* component: Uncategorized => contrib.auth


--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:4>

Django

Nov 6, 2021, 2:02:53 AM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
--------------------------------------+------------------------------------
Reporter: lieryan | Owner: lieryan
Type: Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Mariusz Felisiak):

* owner: nobody => lieryan
* needs_better_patch: 0 => 1
* type: Uncategorized => Cleanup/optimization
* status: new => assigned
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:5>

Django

Nov 11, 2021, 2:30:44 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------------+-------------------------------------
Reporter: lieryan | Owner: lieryan
Type: Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:6>

Django

Nov 11, 2021, 4:25:59 PM
to django-...@googlegroups.com
#33269: Raise an error if a string is passed into has_perms() instead of a list
-------------------------------------+-------------------------------------
Reporter: lieryan | Owner: lieryan
Type: Cleanup/optimization | Status: closed
Component: contrib.auth | Version: 3.2
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"05cde4764da022ae80e9d7d97ef67c30e896c607" 05cde47]:
{{{
#!CommitTicketReference repository=""
revision="05cde4764da022ae80e9d7d97ef67c30e896c607"
Fixed #33269 -- Made AnonymousUser/PermissionsMixin.has_perms() raise
ValueError on string or non-iterable perm_list.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/33269#comment:7>
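
The failure mode reported in this ticket and the check named in the closing commit message, as an added example that is not part of the thread and is not Django's code. `SketchUser`, its method names and the error text are hypothetical stand-ins for a user model with `has_perm()`/`has_perms()`.

```python
# Added illustration: stand-in classes, not Django's contrib.auth code.
from collections.abc import Iterable


class SketchUser:
    """Hypothetical user holding a set of permission names."""

    def __init__(self, perms=(), is_superuser=False):
        self.perms = set(perms)
        self.is_superuser = is_superuser

    def has_perm(self, perm):
        # Superusers pass every check, which hides the mistake during testing.
        return self.is_superuser or perm in self.perms

    def has_perms_unchecked(self, perm_list):
        # Behaviour described in the ticket: a str is iterated per character.
        return all(self.has_perm(perm) for perm in perm_list)

    def has_perms_checked(self, perm_list):
        # Behaviour described by the commit message: reject str and
        # non-iterables; tuples, sets and generators remain valid.
        if isinstance(perm_list, str) or not isinstance(perm_list, Iterable):
            raise ValueError("perm_list must be an iterable of permissions.")
        return all(self.has_perm(perm) for perm in perm_list)


def outcomes():
    """Return the results of the mistaken and the correct calls."""
    editor = SketchUser(perms={"foobar"})  # constructed sample user
    admin = SketchUser(is_superuser=True)  # constructed sample user
    results = {
        # Holder of "foobar" is denied: "f", "o", "b", ... are checked instead.
        "editor_str": editor.has_perms_unchecked("foobar"),
        "editor_list": editor.has_perms_unchecked(["foobar"]),
        # A superuser passes either way, so the call appears to work.
        "admin_str": admin.has_perms_unchecked("foobar"),
    }
    try:
        editor.has_perms_checked("foobar")
        results["checked_str"] = "no error"
    except ValueError:
        results["checked_str"] = "ValueError"
    # A generator is still accepted by the checked variant.
    results["checked_gen"] = editor.has_perms_checked(p for p in ("foobar",))
    return results


if __name__ == "__main__":
    print(outcomes())
```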
