Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-18 21:04:40 +00:00 · 2009-04-18 21:04:40 +00:00 · ab562bf954
parent ccc8e104ee
commit ab562bf954
1 changed files with 1 additions and 1 deletions
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@ -96,7 +96,7 @@ class UserAdmin(admin.ModelAdmin):
        }, context_instance=template.RequestContext(request))

    def user_change_password(self, request, id):
-        if not request.user.has_perm('auth.change_user'):
+        if not self.has_change_permission(request):
            raise PermissionDenied
        user = get_object_or_404(self.model, pk=id)
        if request.method == 'POST':