diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2005-09-25 19:08:44 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2005-09-25 19:08:44 +0000 |
| commit | 530cdb5a8dd8a1083b15719459c2425b71bace94 (patch) | |
| tree | 1615bb58f7069e33f8e636b3cb0cea8e0725dfd1 | |
| parent | 572ac3e7dfadec6434527ebbdccef97de1cc191c (diff) | |
Fixed #550 -- Default admin template now checks user permissions, hiding apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins
git-svn-id: http://code.djangoproject.com/svn/django/trunk@684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/conf/admin_templates/index.html | 45 | ||||
| -rw-r--r-- | django/templatetags/adminapplist.py | 38 |
2 files changed, 61 insertions, 22 deletions
diff --git a/django/conf/admin_templates/index.html b/django/conf/admin_templates/index.html index 5149f25580..7610b3a023 100644 --- a/django/conf/admin_templates/index.html +++ b/django/conf/admin_templates/index.html @@ -9,21 +9,38 @@ {% load adminapplist %} {% get_admin_app_list as app_list %} -{% for app in app_list %} - <div class="module"> - <h2>{{ app.name }}</h2> - <table> - {% for model in app.models %} - <tr> - <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th> - <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td> - <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td> - </tr> - {% endfor %} - </table> - </div> -{% endfor %} +{% if app_list %} + {% for app in app_list %} + <div class="module"> + <h2>{{ app.name }}</h2> + <table> + {% for model in app.models %} + <tr> + {% if model.perms.change %} + <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th> + {% else %} + <th>{{ model.name }}</th> + {% endif %} + + {% if model.perms.add %} + <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td> + {% else %} + <td class="x50"> </td> + {% endif %} + {% if model.perms.change %} + <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td> + {% else %} + <td class="x75"> </td> + {% endif %} + </tr> + {% endfor %} + </table> + </div> + {% endfor %} +{% else %} + <p>You don't have permission to edit anything.</p> +{% endif %} </div> {% endblock %} diff --git a/django/templatetags/adminapplist.py b/django/templatetags/adminapplist.py index 1f5e3db125..92e1bd3ccb 100644 --- a/django/templatetags/adminapplist.py +++ b/django/templatetags/adminapplist.py @@ -8,16 +8,38 @@ class AdminApplistNode(template.Node): from django.core import meta from django.utils.text import capfirst app_list = [] + user = context['user'] + for app in meta.get_installed_model_modules(): app_label = app.__name__[app.__name__.rindex('.')+1:] - model_list = [{'name': capfirst(m._meta.verbose_name_plural), - 'admin_url': '%s/%s/' % (app_label, m._meta.module_name)} \ - for m in app._MODELS if m._meta.admin] - if model_list: - app_list.append({ - 'name': app_label.title(), - 'models': model_list, - }) + has_module_perms = user.has_module_perms(app_label) + + if has_module_perms: + model_list = [] + for m in app._MODELS: + if m._meta.admin: + module_name = m._meta.module_name + perms = { + 'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())), + 'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())), + 'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())), + } + + # Check whether user has any perm for this module. + # If so, add the module to the model_list. + if True in perms.values(): + model_list.append({ + 'name': capfirst(m._meta.verbose_name_plural), + 'admin_url': '%s/%s/' % (app_label, m._meta.module_name), + 'perms': perms, + }) + + if model_list: + app_list.append({ + 'name': app_label.title(), + 'has_module_perms': has_module_perms, + 'models': model_list, + }) context[self.varname] = app_list return '' |
