Opened 3 years ago
Last modified 3 years ago
#33269 closed Cleanup/optimization
Raise an error if a string is passed into has_perms() instead of a list — at Version 1
Reported by: | lieryan | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 3.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
A colleague made this error recently doing a user.has_perms("foobar") instead of the correct user.has_perms(foobar) or user.has_perm("foobar"). The code initially appeared to work fine since in Python, str is an iterable that returned individual characters as string when iterated over.
We checked for str in particular rather than enforcing it to be a list, since perm_list may actually be tuple, set, generators, or other iterables.
An alternative way this could be fixed is to just silently behave like has_perm() if perm_list is actually a string rather than raising an error, but that'll probably enforce a bad habit.
Pull request in #14969(https://github.com/django/django/pull/14969).