Author: adrian
Date: 2006-09-08 00:38:38 -0500 (Fri, 08 Sep 2006)
New Revision: 3736
Modified:
django/trunk/django/contrib/admin/views/auth.py
Log:
Added staff_member_required and permission check to
django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting
Modified: django/trunk/django/contrib/admin/views/auth.py
===================================================================
--- django/trunk/django/contrib/admin/views/auth.py 2006-09-07 18:26:00 UTC
(rev 3735)
+++ django/trunk/django/contrib/admin/views/auth.py 2006-09-08 05:38:38 UTC
(rev 3736)
@@ -1,3 +1,4 @@
+from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
from django import forms, template
@@ -5,6 +6,8 @@
from django.http import HttpResponseRedirect
def user_add_stage(request):
+ if not request.user.has_perm('auth.change_user'):
+ raise PermissionDenied
manipulator = UserCreationForm()
if request.method == 'POST':
new_data = request.POST.copy()
@@ -37,3 +40,4 @@
'opts': User._meta,
'username_help_text': User._meta.get_field('username').help_text,
}, context_instance=template.RequestContext(request))
+user_add_stage = staff_member_required(user_add_stage)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
