summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Holovaty <adrian@holovaty.com>2006-09-08 05:38:38 +0000
committerAdrian Holovaty <adrian@holovaty.com>2006-09-08 05:38:38 +0000
commite9b19df3ee04b9ea0e9a11012f956e9907579f5d (patch)
tree2757969f36b385540b90870d9598380755c9f9fd
parent8aa6a94e1a6a457b3a62377ff68b64421cc4596f (diff)
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/admin/views/auth.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/admin/views/auth.py b/django/contrib/admin/views/auth.py
index d09075c2a1..42230050cc 100644
--- a/django/contrib/admin/views/auth.py
+++ b/django/contrib/admin/views/auth.py
@@ -1,3 +1,4 @@
+from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
from django import forms, template
@@ -5,6 +6,8 @@ from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
def user_add_stage(request):
+ if not request.user.has_perm('auth.change_user'):
+ raise PermissionDenied
manipulator = UserCreationForm()
if request.method == 'POST':
new_data = request.POST.copy()
@@ -37,3 +40,4 @@ def user_add_stage(request):
'opts': User._meta,
'username_help_text': User._meta.get_field('username').help_text,
}, context_instance=template.RequestContext(request))
+user_add_stage = staff_member_required(user_add_stage)