refs #6: no longer relying on self.user being set

authority/permissions.py

@@ -46,6 +46,8 @@ class BasePermission(object):
         """
         Set up both the user and group caches.
         """
+        if not self.user:
+            return {}, {}
         perms = Permission.objects.filter(
             Q(user__pk=self.user.pk) | Q(group__in=self.user.groups.all()),
         ).select_related(
@@ -92,6 +94,8 @@ class BasePermission(object):
         cached_permissions will generate the cache in a lazy fashion.
         """
         # Check to see if the cache has been primed.
+        if not self.user:
+            return {}
         cache_filled = getattr(
             self.user,
             '_user_permissions_cache_filled',
@@ -114,6 +118,8 @@ class BasePermission(object):
         cached_permissions will generate the cache in a lazy fashion.
         """
         # Check to see if the cache has been primed.
+        if not self.user:
+            return {}
         cache_filled = getattr(
             self.user,
             '_group_permissions_cache_filled',
@@ -136,14 +142,16 @@ class BasePermission(object):
         the next time the cached_permissions is used the cache will be
         re-primed.
         """
-        self.user._user_permissions_cache_filled = False
-        self.user._group_permissions_cache_filled = False
+        if self.user:
+            self.user._user_permissions_cache_filled = False
+            self.user._group_permissions_cache_filled = False
 
     @property
     def use_smart_cache(self):
         # AUTHORITY_USE_SMART_CACHE defaults to False to maintain backwards
         # compatibility.
-        return getattr(settings, 'AUTHORITY_USE_SMART_CACHE', True)
+        use_smart_cache = getattr(settings, 'AUTHORITY_USE_SMART_CACHE', True)
+        return self.user and use_smart_cache
 
     def has_user_perms(self, perm, obj, approved, check_groups=True):
         if self.user:

authority/tests.py

@@ -266,3 +266,38 @@ class GroupPermissionCacheTestCase(SmartCacheingTestCase):
             check_groups=True,
         )
         self.assertTrue(can_foo_with_group)
+
+    def test_has_group_perms_no_user(self):
+        # Make sure calling has_user_perms on a permission that does not have a
+        # user does not throw any errors.
+        can_foo_with_group = self.group_check.has_group_perms(
+            'foo',
+            self.user,
+            approved=True,
+        )
+        self.assertFalse(can_foo_with_group)
+
+        self.assertEqual(self.group_check.cached_user_permissions, {})
+        self.assertEqual(self.group_check.cached_group_permissions, {})
+
+        # Create a permission with just that group.
+        Permission.objects.create(
+            content_type=Permission.objects.get_content_type(User),
+            object_id=self.user.pk,
+            codename='foo',
+            group=self.group,
+            approved=True,
+        )
+
+        # Invalidate the cache.
+        self.group_check.invalidate_permissions_cache()
+
+        can_foo_with_group = self.group_check.has_group_perms(
+            'foo',
+            self.user,
+            approved=True,
+        )
+        self.assertTrue(can_foo_with_group)
+
+        self.assertEqual(self.group_check.cached_user_permissions, {})
+        self.assertEqual(self.group_check.cached_group_permissions, {})