I would be pretty curious to see what they say about this. I've never
thought about it.
Looks like you're no the first to notice this:
We probably could make a custom UserChangeForm as they demonstrate. We
already have one, actually. Still, I'd like to see this fixed upstream.
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Wed, Mar 10, 2010 at 1:11 PM, Matthew Woehlke <
> On 2010-03-10 15:07, Christian Hammond wrote:
>> Staff means you have the ability to create/delete/modify anything in the
>> database that you have permissions for (by default, this is everything, I
>> believe). Superuser means you have it no matter what permissions are set.
>> You basically have every single permission automatically.
>> This is a Django thing, and not controlled by Review Board in any way. It
>> seems like something they should probably prevent. I think the proper
>> to do, though, is to just not give staff members the ability to modify
>> by default. I see nothing in Django that prevents modifying this flag
> Okay, thanks. Unfortunately that seems like it would defeat the goal of
> staff being able to create users and reset passwords :-(.
> It seems rather counter-intuitive that the 'may modify users' and
> 'superuser' flags are effectively synonymous. I guess I should bug Django
> about it?
> Want to help the Review Board project? Donate today at
> Happy user? Let us know at http://www.reviewboard.org/users/
> To unsubscribe from this group, send email to
> For more options, visit this group at
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at