Fixed #2747 -- Make X-Headers work for staff members. Admins with dyanmic IP

addresses can now use bookmarklets. Thanks, Maximillian Dornseif.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2006-09-22 03:17:28 +00:00
parent 8feee92045
commit 0fee26935d
3 changed files with 9 additions and 6 deletions

View File

@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better:
Alex Dedul
deric@monowerks.com
dne@mayonnaise.net
Maximillian Dornseif <md@hudora.de>
Jeremy Dunck <http://dunck.us/>
Andy Dustman <farcepest@gmail.com>
Clint Ecker

View File

@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id):
"""
Adds the "X-Object-Type" and "X-Object-Id" headers to the given
HttpResponse according to the given model and object_id -- but only if the
given HttpRequest object has an IP address within the INTERNAL_IPS setting.
given HttpRequest object has an IP address within the INTERNAL_IPS setting
or if the request is from a logged in staff member.
"""
from django.conf import settings
if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff):
response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
response['X-Object-Id'] = str(object_id)

View File

@ -7,11 +7,12 @@ class XViewMiddleware(object):
"""
def process_view(self, request, view_func, view_args, view_kwargs):
"""
If the request method is HEAD and the IP is internal, quickly return
with an x-header indicating the view function. This is used by the
documentation module to lookup the view function for an arbitrary page.
If the request method is HEAD and either the IP is internal or the
user is a logged-in staff member, quickly return with an x-header
indicating the view function. This is used by the documentation module
to lookup the view function for an arbitrary page.
"""
if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)):
response = http.HttpResponse()
response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
return response