Prevented admin from importing auth.User.

Since we don't enforce order between apps, root packages of contrib apps cannot import models from unrelated apps. Fix #22005, refs #21719.
2014-03-09 20:29:00 +01:00 · 2014-03-09 20:29:00 +01:00 · 7339f43c71
parent 8b67fa7551
commit 7339f43c71
1 changed files with 3 additions and 1 deletions
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@ -2,7 +2,6 @@ from functools import update_wrapper
 from django.http import Http404, HttpResponseRedirect
 from django.contrib.admin import ModelAdmin, actions
 from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.contrib.auth.views import redirect_to_login
 from django.views.decorators.csrf import csrf_protect
 from django.db.models.base import ModelBase
 from django.apps import apps
@ -195,6 +194,9 @@ class AdminSite(object):
                if request.path == reverse('admin:logout', current_app=self.name):
                    index_path = reverse('admin:index', current_app=self.name)
                    return HttpResponseRedirect(index_path)
+                # Inner import to prevent django.contrib.admin (app) from
+                # importing django.contrib.auth.models.User (unrelated model).
+                from django.contrib.auth.views import redirect_to_login
                return redirect_to_login(
                    request.get_full_path(),
                    reverse('admin:login', current_app=self.name)