Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
ccc8e104ee
commit
ab562bf954
|
@ -96,7 +96,7 @@ class UserAdmin(admin.ModelAdmin):
|
||||||
}, context_instance=template.RequestContext(request))
|
}, context_instance=template.RequestContext(request))
|
||||||
|
|
||||||
def user_change_password(self, request, id):
|
def user_change_password(self, request, id):
|
||||||
if not request.user.has_perm('auth.change_user'):
|
if not self.has_change_permission(request):
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
user = get_object_or_404(self.model, pk=id)
|
user = get_object_or_404(self.model, pk=id)
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
|
|
Loading…
Reference in New Issue