diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2006-09-08 05:38:38 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2006-09-08 05:38:38 +0000 |
| commit | e9b19df3ee04b9ea0e9a11012f956e9907579f5d (patch) | |
| tree | 2757969f36b385540b90870d9598380755c9f9fd | |
| parent | 8aa6a94e1a6a457b3a62377ff68b64421cc4596f (diff) | |
Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/admin/views/auth.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/admin/views/auth.py b/django/contrib/admin/views/auth.py index d09075c2a1..42230050cc 100644 --- a/django/contrib/admin/views/auth.py +++ b/django/contrib/admin/views/auth.py @@ -1,3 +1,4 @@ +from django.contrib.admin.views.decorators import staff_member_required from django.contrib.auth.forms import UserCreationForm from django.contrib.auth.models import User from django import forms, template @@ -5,6 +6,8 @@ from django.shortcuts import render_to_response from django.http import HttpResponseRedirect def user_add_stage(request): + if not request.user.has_perm('auth.change_user'): + raise PermissionDenied manipulator = UserCreationForm() if request.method == 'POST': new_data = request.POST.copy() @@ -37,3 +40,4 @@ def user_add_stage(request): 'opts': User._meta, 'username_help_text': User._meta.get_field('username').help_text, }, context_instance=template.RequestContext(request)) +user_add_stage = staff_member_required(user_add_stage) |
