Fixed #550 -- Default admin template now checks user permissions, hiding apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

git-svn-id: http://code.djangoproject.com/svn/django/trunk@684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-09-25 19:08:44 +00:00 · 2005-09-25 19:08:44 +00:00 · 530cdb5a8d
parent 572ac3e7df
commit 530cdb5a8d
2 changed files with 61 additions and 22 deletions
--- a/django/conf/admin_templates/index.html
+++ b/django/conf/admin_templates/index.html
@ -9,21 +9,38 @@
 {% load adminapplist %}

 {% get_admin_app_list as app_list %}
+{% if app_list %}
    {% for app in app_list %}
        <div class="module">
        <h2>{{ app.name }}</h2>
        <table>
        {% for model in app.models %}
            <tr>
+            {% if model.perms.change %}
                <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
+            {% else %}
+                <th>{{ model.name }}</th>
+            {% endif %}
+
+            {% if model.perms.add %}
                <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
+            {% else %}
+                <td class="x50">&nbsp;</td>
+            {% endif %}
+
+            {% if model.perms.change %}
                <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
+            {% else %}
+                <td class="x75">&nbsp;</td>
+            {% endif %}
            </tr>
        {% endfor %}
        </table>
        </div>
    {% endfor %}
-
+{% else %}
+    <p>You don't have permission to edit anything.</p>
+{% endif %}
 </div>
 {% endblock %}

--- a/django/templatetags/adminapplist.py
+++ b/django/templatetags/adminapplist.py
@ -8,14 +8,36 @@ class AdminApplistNode(template.Node):
        from django.core import meta
        from django.utils.text import capfirst
        app_list = []
+        user = context['user']
+
        for app in meta.get_installed_model_modules():
            app_label = app.__name__[app.__name__.rindex('.')+1:]
-            model_list = [{'name': capfirst(m._meta.verbose_name_plural),
-                            'admin_url': '%s/%s/' % (app_label, m._meta.module_name)} \
-                            for m in app._MODELS if m._meta.admin]
+            has_module_perms = user.has_module_perms(app_label)
+
+            if has_module_perms:
+                model_list = []
+                for m in app._MODELS:
+                    if m._meta.admin:
+                        module_name = m._meta.module_name
+                        perms = {
+                            'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
+                            'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
+                            'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
+                        }
+
+                        # Check whether user has any perm for this module.
+                        # If so, add the module to the model_list.
+                        if True in perms.values():
+                            model_list.append({
+                                'name': capfirst(m._meta.verbose_name_plural),
+                                'admin_url': '%s/%s/' % (app_label, m._meta.module_name),
+                                'perms': perms,
+                            })
+
                if model_list:
                    app_list.append({
                        'name': app_label.title(),
+                        'has_module_perms': has_module_perms,
                        'models': model_list,
                    })
        context[self.varname] = app_list