summaryrefslogtreecommitdiff
path: root/django/contrib/admin/views/auth.py
diff options
context:
space:
mode:
Diffstat (limited to 'django/contrib/admin/views/auth.py')
-rw-r--r--django/contrib/admin/views/auth.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/admin/views/auth.py b/django/contrib/admin/views/auth.py
index d09075c2a1..42230050cc 100644
--- a/django/contrib/admin/views/auth.py
+++ b/django/contrib/admin/views/auth.py
@@ -1,3 +1,4 @@
+from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth.models import User
from django import forms, template
@@ -5,6 +6,8 @@ from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
def user_add_stage(request):
+ if not request.user.has_perm('auth.change_user'):
+ raise PermissionDenied
manipulator = UserCreationForm()
if request.method == 'POST':
new_data = request.POST.copy()
@@ -37,3 +40,4 @@ def user_add_stage(request):
'opts': User._meta,
'username_help_text': User._meta.get_field('username').help_text,
}, context_instance=template.RequestContext(request))
+user_add_stage = staff_member_required(user_add_stage)
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 00:45:35 +0000