Fixed #28982 -- Simplified code with and/or.

author: Дилян Палаузов <Dilyan.Palauzov@db.com> 2018-01-03 18:52:12 -0500
committer: Tim Graham <timograham@gmail.com> 2018-01-03 20:12:23 -0500
commit: d7b2aa24f75434c2ce50100cfef3586071e0747a (patch)
tree: 9074eb7522888e744f948c52174f367a4281c200 /django/contrib/auth/admin.py
parent: c2d0f8c084456b5073252a91eeb09ab3d7453b18 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index 3bfbef7c68..0d3267b71b 100644
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -88,10 +88,8 @@ class UserAdmin(admin.ModelAdmin):
         ] + super().get_urls()
 
     def lookup_allowed(self, lookup, value):
-        # See #20078: we don't want to allow any lookups involving passwords.
-        if lookup.startswith('password'):
-            return False
-        return super().lookup_allowed(lookup, value)
+        # Don't allow lookups involving passwords.
+        return not lookup.startswith('password') and super().lookup_allowed(lookup, value)
 
     @sensitive_post_parameters_m
     @csrf_protect_m
author	Дилян Палаузов <Dilyan.Palauzov@db.com>	2018-01-03 18:52:12 -0500
committer	Tim Graham <timograham@gmail.com>	2018-01-03 20:12:23 -0500
commit	d7b2aa24f75434c2ce50100cfef3586071e0747a (patch)
tree	9074eb7522888e744f948c52174f367a4281c200 /django/contrib/auth/admin.py
parent	c2d0f8c084456b5073252a91eeb09ab3d7453b18 (diff)