From 7339f43c718008394cf5c5119994f956e27bce70 Mon Sep 17 00:00:00 2001 From: Aymeric Augustin Date: Sun, 9 Mar 2014 20:29:00 +0100 Subject: [PATCH] Prevented admin from importing auth.User. Since we don't enforce order between apps, root packages of contrib apps cannot import models from unrelated apps. Fix #22005, refs #21719. --- django/contrib/admin/sites.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py index 90f160d450..efac3c7521 100644 --- a/django/contrib/admin/sites.py +++ b/django/contrib/admin/sites.py @@ -2,7 +2,6 @@ from functools import update_wrapper from django.http import Http404, HttpResponseRedirect from django.contrib.admin import ModelAdmin, actions from django.contrib.auth import REDIRECT_FIELD_NAME -from django.contrib.auth.views import redirect_to_login from django.views.decorators.csrf import csrf_protect from django.db.models.base import ModelBase from django.apps import apps @@ -195,6 +194,9 @@ class AdminSite(object): if request.path == reverse('admin:logout', current_app=self.name): index_path = reverse('admin:index', current_app=self.name) return HttpResponseRedirect(index_path) + # Inner import to prevent django.contrib.admin (app) from + # importing django.contrib.auth.models.User (unrelated model). + from django.contrib.auth.views import redirect_to_login return redirect_to_login( request.get_full_path(), reverse('admin:login', current_app=self.name)