Django: user.has_perm always true and user is not superuser. Why?

django permissions django-1.5
19,908

As mentioned in comment by Thane Brimhall you should check your authentication backends. You can find this comment on has_perm method of User model in django sources:

Returns True if the user has the specified permission. This method queries all available auth backends, but returns immediately if any backend returns True. Thus, a user who has permission from a single auth backend is assumed to have permission in general.

Also don't forget to check user groups. Default backend checks for user groups permissions thus it may be connected.

Share:
19,908
neurix
Author by

neurix

Updated on June 08, 2022

Comments

  • neurix
    neurix about 2 years

    I assigned a permission of a user in my Django 1.5 app. When I list all user permissions with 

    In [1]: user.get_all_permissions()
Out[1]: set([u'profile.change_profile'])

    I can see one permission (which is correct and wanted). The user is also not a superuser, not an admin.

    In [2]: user.is_superuser
Out[2]: False

    However, if I try to use user.has_perm, I always get True as a return for any submitted permission request. 

    In [3]: user.has_perm('random_permission')
Out[3]: True

    A behaviour I would expect if the user is a superuser/admin. Why is a non-superuser getting always True for every request? Did I miss any setting?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Permission denied when trying to write to file from a view
Why is "blank" is missing in django.forms.CharField, but present in django.db.models.CharField?
Django Cannot Create Test Database Permission Denied
Nginx: 502 Bad Gateway error with (111: Connection refused) to uWSGI socket while running django
CentOS7 nginx permission denied for media and static
nginx (13: Permission denied) on socket
Django select_for_update cannot be used outside of a transaction
Changing password in Django Admin
Get user group in a template
How to check current user's permissions from a Group in Django?