#6977: should check has_add_permission(), not has_change_permission(), in user
add
view
-------------------------------------------+--------------------------------
Reporter: [email protected] | Owner: mk
Status: closed | Milestone:
Component: Authentication | Version: newforms-admin
Resolution: invalid | Keywords: nfa-someday
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
-------------------------------------------+--------------------------------
Changes (by mk):
* status: assigned => closed
* resolution: => invalid
Comment:
From django/contrib/auth/admin.py:
def add_view(self, request):
# It's an error for a user to have add permission but NOT change
# permission for users. If we allowed such users to add users,
they
# could create superusers, which would mean they would essentially
have
# the permission to change users. To avoid the problem entirely,
we
# disallow users from adding users if they don't have change
# permission.
--
Ticket URL: <http://code.djangoproject.com/ticket/6977#comment:6>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
