Why Django-User have all perms, even unexistent?

[setivo...@gmail.com]

Code in ipython

-----------------------------------------

In [51]: from django.contrib.auth.models import User

In [52]: User.objects.all()

Out[52]: [<User: john>, <User: john1>, <User: wlysenko>]

In [53]: user = User.objects.last()

In [54]: user.is_superuser

Out[54]: True

In [55]: user.f

user.first_name  user.from_db     user.full_clean

In [55]: user.get

user.get_all_permissions          user.get_group_permissions        user.get_session_auth_hash

user.get_deferred_fields          user.get_next_by_date_joined      user.get_short_name

user.get_full_name                user.get_previous_by_date_joined  user.get_username

In [55]: user.get_full_name

Out[55]: <bound method User.get_full_name of <User: wlysenko>>

In [56]: user.get_full_name()

Out[56]: 'Seti Volkylany'

In [57]: user.get_all_permissions()

Out[57]:

{'admin.add_logentry',

 'admin.change_logentry',

 'admin.delete_logentry',

 'auth.add_group',

 'auth.add_permission',

 'auth.add_user',

 'auth.change_group',

 'auth.change_permission',

 'auth.change_user',

 'auth.delete_group',

 'auth.delete_permission',

 'auth.delete_user',

 'contenttypes.add_contenttype',

 'contenttypes.change_contenttype',

 'contenttypes.delete_contenttype',

 'sessions.add_session',

 'sessions.change_session',

 'sessions.delete_session',

 'sites.add_site',

 'sites.change_site',

 'sites.delete_site'}

In [58]: user.has_perm('sites.add_site')

Out[58]: True

In [59]: user.has_perm('sites.add_sitdaadasdasdasdase')

Out[59]: True

In [60]: user.has_perm('ETOFIGNYA')

Out[60]: True

In [61]: user.has_perm('EimposibledsdsdnjasfndjfnsfnfjsfndA')

Out[61]: True

[Simon Charette]

This is only the case for superusers have you might have noticed.