[1.2.X] Fixed #14795 -- Ensure that get_all_permissions() returns the right result (i.e., all permissions) for superusers. Thanks to jay.halleaux@gmail.com for the report, and Brett Haydon for the patch.

Backport of r14797 from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14801 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/auth/backends.py

@@ -25,9 +25,11 @@ class ModelBackend(object):
         groups.
         """
         if not hasattr(user_obj, '_group_perm_cache'):
-            perms = Permission.objects.filter(group__user=user_obj
-                ).values_list('content_type__app_label', 'codename'
-                ).order_by()
+            if user_obj.is_superuser:
+                perms = Permission.objects.all()
+            else:
+                perms = Permission.objects.filter(group__user=user_obj)
+            perms = perms.values_list('content_type__app_label', 'codename').order_by()
             user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
         return user_obj._group_perm_cache
 

django/contrib/auth/tests/auth_backends.py

@@ -13,6 +13,7 @@ class BackendTest(TestCase):
         self.curr_auth = settings.AUTHENTICATION_BACKENDS
         settings.AUTHENTICATION_BACKENDS = (self.backend,)
         User.objects.create_user('test', 'test@example.com', 'test')
+        User.objects.create_superuser('test2', 'test2@example.com', 'test')
 
     def tearDown(self):
         settings.AUTHENTICATION_BACKENDS = self.curr_auth
@@ -88,6 +89,10 @@ class BackendTest(TestCase):
         self.assertEqual(user.has_perm('auth.test'), True)
         self.assertEqual(user.get_all_permissions(), set(['auth.test']))
 
+    def test_get_all_superuser_permissions(self):
+        "A superuser has all permissions. Refs #14795"
+        user = User.objects.get(username='test2')
+        self.assertEqual(len(user.get_all_permissions()), len(Permission.objects.all()))
 
 class TestObj(object):
     pass