summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Holovaty <adrian@holovaty.com>2008-12-25 06:17:42 +0000
committerAdrian Holovaty <adrian@holovaty.com>2008-12-25 06:17:42 +0000
commitbe2697209bdffa8807140a01f43bee024c5a2bfd (patch)
tree784728a12770b33ad1be1320b36653c2371082dd
parent62362c61757acfd68201ad737db98108a0146151 (diff)
Improved the auth admin site to raise Http404 with a helpful error message if DEBUG is True, explaining why permission isn't denied. Refs #9866, and see also [9682]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/admin.py14
1 files changed, 9 insertions, 5 deletions
diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index 598d72bcf2..805ca328e1 100644
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -1,14 +1,14 @@
-
+from django import template
+from django.conf import settings
+from django.contrib import admin
+from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
from django.contrib.auth.models import User, Group
from django.core.exceptions import PermissionDenied
-from django import template
+from django.http import HttpResponseRedirect, Http404
from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext
from django.utils.html import escape
-from django.http import HttpResponseRedirect
from django.utils.translation import ugettext, ugettext_lazy as _
-from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
-from django.contrib import admin
class GroupAdmin(admin.ModelAdmin):
search_fields = ('name',)
@@ -49,6 +49,10 @@ class UserAdmin(admin.ModelAdmin):
# disallow users from adding users if they don't have change
# permission.
if not self.has_change_permission(request):
+ if self.has_add_permission(request) and settings.DEBUG:
+ # Raise Http404 in debug mode so that the user gets a helpful
+ # error message.
+ raise Http404('Your user does not have the "Change user" permission. In order to add users, Django requires that your user account have both the "Add user" and "Change user" permissions set.')
raise PermissionDenied
if request.method == 'POST':
form = self.add_form(request.POST)