From 0fee26935dc5ceae35d19e0c85321df4013d3701 Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Fri, 22 Sep 2006 03:17:28 +0000 Subject: [PATCH] Fixed #2747 -- Make X-Headers work for staff members. Admins with dyanmic IP addresses can now use bookmarklets. Thanks, Maximillian Dornseif. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- AUTHORS | 1 + django/core/xheaders.py | 5 +++-- django/middleware/doc.py | 9 +++++---- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/AUTHORS b/AUTHORS index 5aa3f90ebeb..0f80baf81a7 100644 --- a/AUTHORS +++ b/AUTHORS @@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better: Alex Dedul deric@monowerks.com dne@mayonnaise.net + Maximillian Dornseif Jeremy Dunck Andy Dustman Clint Ecker diff --git a/django/core/xheaders.py b/django/core/xheaders.py index e173bcbca86..69f61158392 100644 --- a/django/core/xheaders.py +++ b/django/core/xheaders.py @@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id): """ Adds the "X-Object-Type" and "X-Object-Id" headers to the given HttpResponse according to the given model and object_id -- but only if the - given HttpRequest object has an IP address within the INTERNAL_IPS setting. + given HttpRequest object has an IP address within the INTERNAL_IPS setting + or if the request is from a logged in staff member. """ from django.conf import settings - if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: + if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff): response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower()) response['X-Object-Id'] = str(object_id) diff --git a/django/middleware/doc.py b/django/middleware/doc.py index 6600e588cdf..48c155c3924 100644 --- a/django/middleware/doc.py +++ b/django/middleware/doc.py @@ -7,11 +7,12 @@ class XViewMiddleware(object): """ def process_view(self, request, view_func, view_args, view_kwargs): """ - If the request method is HEAD and the IP is internal, quickly return - with an x-header indicating the view function. This is used by the - documentation module to lookup the view function for an arbitrary page. + If the request method is HEAD and either the IP is internal or the + user is a logged-in staff member, quickly return with an x-header + indicating the view function. This is used by the documentation module + to lookup the view function for an arbitrary page. """ - if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: + if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)): response = http.HttpResponse() response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__) return response