Merge pull request #6286 from markddavidoff/patch-1

permissions must return a boolean to allow &/| operator comparison
2025-05-06 17:03:42 +03:00 · 2018-11-05 16:04:08 +00:00 · 2018-11-05 16:04:08 +00:00 · bf9533ae37
commit bf9533ae37
parent fae7e91728 1f13b6f6b2
2 changed files with 21 additions and 14 deletions
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -110,7 +110,7 @@ class IsAuthenticated(BasePermission):
    """
    def has_permission(self, request, view):
-        return request.user and request.user.is_authenticated
+        return bool(request.user and request.user.is_authenticated)
 class IsAdminUser(BasePermission):
@ -119,7 +119,7 @@ class IsAdminUser(BasePermission):
    """
    def has_permission(self, request, view):
-        return request.user and request.user.is_staff
+        return bool(request.user and request.user.is_staff)
 class IsAuthenticatedOrReadOnly(BasePermission):
@ -128,7 +128,7 @@ class IsAuthenticatedOrReadOnly(BasePermission):
    """
    def has_permission(self, request, view):
-        return (
+        return bool(
            request.method in SAFE_METHODS or
            request.user and
            request.user.is_authenticated
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -5,7 +5,7 @@ import unittest
 import warnings
 import django
-from django.contrib.auth.models import Group, Permission, User
+from django.contrib.auth.models import AnonymousUser, Group, Permission, User
 from django.db import models
 from django.test import TestCase
 from django.urls import ResolverMatch
@ -542,39 +542,46 @@ class CustomPermissionsTests(TestCase):
            self.assertEqual(detail, self.custom_message)
 class FakeUser:
    def __init__(self, auth=False):
        self.is_authenticated = auth
 class PermissionsCompositionTests(TestCase):
    def setUp(self):
        self.username = 'john'
        self.email = 'lennon@thebeatles.com'
        self.password = 'password'
        self.user = User.objects.create_user(
            self.username,
            self.email,
            self.password
        )
        self.client.login(username=self.username, password=self.password)
    def test_and_false(self):
        request = factory.get('/1', format='json')
-        request.user = FakeUser(auth=False)
+        request.user = AnonymousUser()
        composed_perm = permissions.IsAuthenticated & permissions.AllowAny
        assert composed_perm().has_permission(request, None) is False
    def test_and_true(self):
        request = factory.get('/1', format='json')
-        request.user = FakeUser(auth=True)
+        request.user = self.user
        composed_perm = permissions.IsAuthenticated & permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_or_false(self):
        request = factory.get('/1', format='json')
-        request.user = FakeUser(auth=False)
+        request.user = AnonymousUser()
        composed_perm = permissions.IsAuthenticated | permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_or_true(self):
        request = factory.get('/1', format='json')
-        request.user = FakeUser(auth=True)
+        request.user = self.user
        composed_perm = permissions.IsAuthenticated | permissions.AllowAny
        assert composed_perm().has_permission(request, None) is True
    def test_several_levels(self):
        request = factory.get('/1', format='json')
-        request.user = FakeUser(auth=True)
+        request.user = self.user
        composed_perm = (
            permissions.IsAuthenticated &
            permissions.IsAuthenticated &