Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-08 05:38:38 +00:00 · 2006-09-08 05:38:38 +00:00 · e9b19df3ee
parent 8aa6a94e1a
commit e9b19df3ee
1 changed files with 4 additions and 0 deletions
--- a/django/contrib/admin/views/auth.py
+++ b/django/contrib/admin/views/auth.py
@ -1,3 +1,4 @@
+from django.contrib.admin.views.decorators import staff_member_required
 from django.contrib.auth.forms import UserCreationForm
 from django.contrib.auth.models import User
 from django import forms, template
@ -5,6 +6,8 @@ from django.shortcuts import render_to_response
 from django.http import HttpResponseRedirect

 def user_add_stage(request):
+    if not request.user.has_perm('auth.change_user'):
+        raise PermissionDenied
    manipulator = UserCreationForm()
    if request.method == 'POST':
        new_data = request.POST.copy()
@ -37,3 +40,4 @@ def user_add_stage(request):
        'opts': User._meta,
        'username_help_text': User._meta.get_field('username').help_text,
    }, context_instance=template.RequestContext(request))
+user_add_stage = staff_member_required(user_add_stage)