Disabled access to the admin site for inactive accounts, and clarified documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-29 13:37:58 +00:00 · 2006-09-29 13:37:58 +00:00 · 14fb13da7e
parent fa8a1d252a
commit 14fb13da7e
2 changed files with 3 additions and 3 deletions
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@ -87,7 +87,7 @@ def staff_member_required(view_func):
        # The user data is correct; log in the user in and continue.
        else:
-            if user.is_staff:
+            if user.is_active and user.is_staff:
                login(request, user)
                # TODO: set last_login with an event.
                user.last_login = datetime.datetime.now()
--- a/docs/authentication.txt
+++ b/docs/authentication.txt
@ -66,8 +66,8 @@ Fields
      long and can contain any character. See the "Passwords" section below.
    * ``is_staff`` -- Boolean. Designates whether this user can access the
      admin site.
-    * ``is_active`` -- Boolean. Designates whether this user can log into the
+    * ``is_active`` -- Boolean. Designates whether this account can be used
-      Django admin. Set this to ``False`` instead of deleting accounts.
+      to log in. Set this flag to ``False`` instead of deleting accounts.
    * ``is_superuser`` -- Boolean. Designates that this user has all permissions
      without explicitly assigning them.
    * ``last_login`` -- A datetime of the user's last login. Is set to the