mirror of
				https://github.com/django/django.git
				synced 2025-10-20 20:29:14 +00:00 
			
		
		
		
	[1.4.x] Fixed #18979 -- Avoid endless loop caused by "val in PermLookupDict"
Fixed by defining __iter__ which raises TypeError. This was done to PermWrapper earlier. Backport of 50d573d2c0b3e17cbf1aa240b03b52e4ad0c32cd
This commit is contained in:
		
							parent
							
								
									bd514f28e4
								
							
						
					
					
						commit
						1f537335d9
					
				| @ -11,6 +11,11 @@ class PermLookupDict(object): | ||||
|     def __getitem__(self, perm_name): | ||||
|         return self.user.has_perm("%s.%s" % (self.module_name, perm_name)) | ||||
| 
 | ||||
|     def __iter__(self): | ||||
|         # To fix 'item in perms.someapp' and __getitem__ iteraction we need to | ||||
|         # define __iter__. See #18979 for details. | ||||
|         raise TypeError("PermLookupDict is not iterable.") | ||||
| 
 | ||||
|     def __nonzero__(self): | ||||
|         return self.user.has_module_perms(self.module_name) | ||||
| 
 | ||||
|  | ||||
| @ -2,12 +2,56 @@ import os | ||||
| 
 | ||||
| from django.conf import global_settings | ||||
| from django.contrib.auth import authenticate | ||||
| from django.contrib.auth.context_processors import PermWrapper, PermLookupDict | ||||
| from django.db.models import Q | ||||
| from django.template import context | ||||
| from django.test import TestCase | ||||
| from django.test.utils import override_settings | ||||
| 
 | ||||
| 
 | ||||
| class MockUser(object): | ||||
|     def has_module_perm(self, perm): | ||||
|         if perm == 'mockapp.someapp': | ||||
|             return True | ||||
|         return False | ||||
| 
 | ||||
|     def has_perm(self, perm): | ||||
|         if perm == 'someperm': | ||||
|             return True | ||||
|         return False | ||||
| 
 | ||||
| 
 | ||||
| class PermWrapperTests(TestCase): | ||||
|     """ | ||||
|     Test some details of the PermWrapper implementation. | ||||
|     """ | ||||
|     class EQLimiterObject(object): | ||||
|         """ | ||||
|         This object makes sure __eq__ will not be called endlessly. | ||||
|         """ | ||||
|         def __init__(self): | ||||
|             self.eq_calls = 0 | ||||
| 
 | ||||
|         def __eq__(self, other): | ||||
|             if self.eq_calls > 0: | ||||
|                 return True | ||||
|             self.eq_calls += 1 | ||||
|             return False | ||||
| 
 | ||||
|     def test_permwrapper_in(self): | ||||
|         """ | ||||
|         Test that 'something' in PermWrapper doesn't end up in endless loop. | ||||
|         """ | ||||
|         perms = PermWrapper(MockUser()) | ||||
|         with self.assertRaises(TypeError): | ||||
|             self.EQLimiterObject() in perms | ||||
| 
 | ||||
|     def test_permlookupdict_in(self): | ||||
|         pldict = PermLookupDict(MockUser(), 'mockapp') | ||||
|         with self.assertRaises(TypeError): | ||||
|             self.EQLimiterObject() in pldict | ||||
| 
 | ||||
| 
 | ||||
| class AuthContextProcessorTests(TestCase): | ||||
|     """ | ||||
|     Tests for the ``django.contrib.auth.context_processors.auth`` processor | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user