diff -r b758351d191f -r cc9b7e14412b web/lib/django/contrib/auth/backends.py --- a/web/lib/django/contrib/auth/backends.py Wed May 19 17:43:59 2010 +0200 +++ b/web/lib/django/contrib/auth/backends.py Tue May 25 02:43:45 2010 +0200 @@ -1,16 +1,14 @@ -try: - set -except NameError: - from sets import Set as set # Python 2.3 fallback - from django.db import connection -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Permission class ModelBackend(object): """ Authenticates against django.contrib.auth.models.User. """ + supports_object_permissions = False + supports_anonymous_user = True + # TODO: Model, login attribute name and password attribute name should be # configurable. def authenticate(self, username=None, password=None): @@ -27,35 +25,15 @@ groups. """ if not hasattr(user_obj, '_group_perm_cache'): - cursor = connection.cursor() - # The SQL below works out to the following, after DB quoting: - # cursor.execute(""" - # SELECT ct."app_label", p."codename" - # FROM "auth_permission" p, "auth_group_permissions" gp, "auth_user_groups" ug, "django_content_type" ct - # WHERE p."id" = gp."permission_id" - # AND gp."group_id" = ug."group_id" - # AND ct."id" = p."content_type_id" - # AND ug."user_id" = %s, [self.id]) - qn = connection.ops.quote_name - sql = """ - SELECT ct.%s, p.%s - FROM %s p, %s gp, %s ug, %s ct - WHERE p.%s = gp.%s - AND gp.%s = ug.%s - AND ct.%s = p.%s - AND ug.%s = %%s""" % ( - qn('app_label'), qn('codename'), - qn('auth_permission'), qn('auth_group_permissions'), - qn('auth_user_groups'), qn('django_content_type'), - qn('id'), qn('permission_id'), - qn('group_id'), qn('group_id'), - qn('id'), qn('content_type_id'), - qn('user_id'),) - cursor.execute(sql, [user_obj.id]) - user_obj._group_perm_cache = set(["%s.%s" % (row[0], row[1]) for row in cursor.fetchall()]) + perms = Permission.objects.filter(group__user=user_obj + ).values_list('content_type__app_label', 'codename' + ).order_by() + user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms]) return user_obj._group_perm_cache def get_all_permissions(self, user_obj): + if user_obj.is_anonymous(): + return set() if not hasattr(user_obj, '_perm_cache'): user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()]) user_obj._perm_cache.update(self.get_group_permissions(user_obj))