Improved the auth admin site to raise Http404 with a helpful error message if DEBUG is True, explaining why permission isn't denied. Refs #9866, and see also [9682]

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2008-12-25 06:17:42 +00:00
parent 62362c6175
commit be2697209b
1 changed files with 9 additions and 5 deletions

View File

@ -1,14 +1,14 @@
from django import template
from django.conf import settings
from django.contrib import admin
from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
from django.contrib.auth.models import User, Group from django.contrib.auth.models import User, Group
from django.core.exceptions import PermissionDenied from django.core.exceptions import PermissionDenied
from django import template from django.http import HttpResponseRedirect, Http404
from django.shortcuts import render_to_response, get_object_or_404 from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext from django.template import RequestContext
from django.utils.html import escape from django.utils.html import escape
from django.http import HttpResponseRedirect
from django.utils.translation import ugettext, ugettext_lazy as _ from django.utils.translation import ugettext, ugettext_lazy as _
from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
from django.contrib import admin
class GroupAdmin(admin.ModelAdmin): class GroupAdmin(admin.ModelAdmin):
search_fields = ('name',) search_fields = ('name',)
@ -49,6 +49,10 @@ class UserAdmin(admin.ModelAdmin):
# disallow users from adding users if they don't have change # disallow users from adding users if they don't have change
# permission. # permission.
if not self.has_change_permission(request): if not self.has_change_permission(request):
if self.has_add_permission(request) and settings.DEBUG:
# Raise Http404 in debug mode so that the user gets a helpful
# error message.
raise Http404('Your user does not have the "Change user" permission. In order to add users, Django requires that your user account have both the "Add user" and "Change user" permissions set.')
raise PermissionDenied raise PermissionDenied
if request.method == 'POST': if request.method == 'POST':
form = self.add_form(request.POST) form = self.add_form(request.POST)