Improved the auth admin site to raise Http404 with a helpful error message if DEBUG is True, explaining why permission isn't denied. Refs #9866, and see also [9682]
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
62362c6175
commit
be2697209b
|
@ -1,14 +1,14 @@
|
||||||
|
from django import template
|
||||||
|
from django.conf import settings
|
||||||
|
from django.contrib import admin
|
||||||
|
from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
|
||||||
from django.contrib.auth.models import User, Group
|
from django.contrib.auth.models import User, Group
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
from django import template
|
from django.http import HttpResponseRedirect, Http404
|
||||||
from django.shortcuts import render_to_response, get_object_or_404
|
from django.shortcuts import render_to_response, get_object_or_404
|
||||||
from django.template import RequestContext
|
from django.template import RequestContext
|
||||||
from django.utils.html import escape
|
from django.utils.html import escape
|
||||||
from django.http import HttpResponseRedirect
|
|
||||||
from django.utils.translation import ugettext, ugettext_lazy as _
|
from django.utils.translation import ugettext, ugettext_lazy as _
|
||||||
from django.contrib.auth.forms import UserCreationForm, UserChangeForm, AdminPasswordChangeForm
|
|
||||||
from django.contrib import admin
|
|
||||||
|
|
||||||
class GroupAdmin(admin.ModelAdmin):
|
class GroupAdmin(admin.ModelAdmin):
|
||||||
search_fields = ('name',)
|
search_fields = ('name',)
|
||||||
|
@ -49,6 +49,10 @@ class UserAdmin(admin.ModelAdmin):
|
||||||
# disallow users from adding users if they don't have change
|
# disallow users from adding users if they don't have change
|
||||||
# permission.
|
# permission.
|
||||||
if not self.has_change_permission(request):
|
if not self.has_change_permission(request):
|
||||||
|
if self.has_add_permission(request) and settings.DEBUG:
|
||||||
|
# Raise Http404 in debug mode so that the user gets a helpful
|
||||||
|
# error message.
|
||||||
|
raise Http404('Your user does not have the "Change user" permission. In order to add users, Django requires that your user account have both the "Add user" and "Change user" permissions set.')
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = self.add_form(request.POST)
|
form = self.add_form(request.POST)
|
||||||
|
|
Loading…
Reference in New Issue