#14434: AdminSite should check self.has_permission in self.login
-----------------------------------------+-------------------------------
               Reporter:  bkonkle        |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  reopened
              Milestone:                 |      Component:  contrib.admin
                Version:  1.2            |       Severity:  Normal
             Resolution:                 |       Keywords:  admin views
           Triage Stage:  Accepted       |      Has patch:  1
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+-------------------------------
Changes (by danny.adair@…):

 * status:  closed => reopened
 * severity:   => Normal
 * type:   => Uncategorized
 * easy:   => 0
 * ui_ux:   => 0
 * resolution:  fixed =>


Comment:

 I don't believe this has been fully resolved.
 Even when AdminSite.has_permission() is overridden, it won't lead to the
 expected effect:

 https://code.djangoproject.com/browser/django/trunk/django/contrib/admin/forms.py#L40
 and
 https://code.djangoproject.com/browser/django/trunk/django/contrib/admin/templates/admin/base.html#L26

 still do explicit "is_staff" checks.

 See also
 http://stackoverflow.com/questions/4022551/how-to-make-django-admin-site-accessed-by-non-staff-user/5573686#5573686

-- 
Ticket URL: <https://code.djangoproject.com/ticket/14434#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
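
A simplified model of the inconsistency this comment describes, added here as an example; it is not Django's code and not part of the original message. It contrasts a login step that repeats its own "is_staff" test with one that delegates to the overridable permission hook. All class and function names, the "auditors" group and the sample users are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class User:
    username: str
    is_active: bool = True
    is_staff: bool = False
    groups: frozenset = frozenset()


class SitePolicy:
    """Stand-in for an admin site's single, overridable permission hook."""
    def has_permission(self, user):
        return user.is_active and user.is_staff


class AuditorSitePolicy(SitePolicy):
    """Override: active members of 'auditors' may enter, staff or not."""
    def has_permission(self, user):
        return user.is_active and "auditors" in user.groups


def login_hardcoded(policy, user):
    # The login layer repeats its own is_staff test, so the override
    # is never consulted for non-staff users.
    if not (user.is_active and user.is_staff):
        return "rejected by login form"
    return "admitted" if policy.has_permission(user) else "rejected by site"


def login_delegating(policy, user):
    # Every layer asks the same hook, so an override applies everywhere.
    return "admitted" if policy.has_permission(user) else "rejected by site"


def compare(policy, users):
    """Return {username: (hardcoded result, delegating result)}."""
    return {u.username: (login_hardcoded(policy, u), login_delegating(policy, u))
            for u in users}


# Constructed sample users.
USERS = [
    User("alice", is_staff=True),
    User("bob", groups=frozenset({"auditors"})),
    User("carol", is_staff=True, groups=frozenset({"auditors"})),
    User("dave", is_active=False, groups=frozenset({"auditors"})),
]

if __name__ == "__main__":
    for name, (hard, deleg) in compare(AuditorSitePolicy(), USERS).items():
        print(f"{name:6} hardcoded={hard!r:26} delegating={deleg!r}")
```

Only "bob" differs between the two columns: the overridden policy admits him, but the duplicated "is_staff" test rejects him before the policy is ever asked.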
