From e9b19df3ee04b9ea0e9a11012f956e9907579f5d Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Fri, 8 Sep 2006 05:38:38 +0000 Subject: [PATCH] Added staff_member_required and permission check to django.contrib.admin.views.auth.user_add_stage() -- thanks, Robert Bunting git-svn-id: http://code.djangoproject.com/svn/django/trunk@3736 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/admin/views/auth.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/django/contrib/admin/views/auth.py b/django/contrib/admin/views/auth.py index d09075c2a1..42230050cc 100644 --- a/django/contrib/admin/views/auth.py +++ b/django/contrib/admin/views/auth.py @@ -1,3 +1,4 @@ +from django.contrib.admin.views.decorators import staff_member_required from django.contrib.auth.forms import UserCreationForm from django.contrib.auth.models import User from django import forms, template @@ -5,6 +6,8 @@ from django.shortcuts import render_to_response from django.http import HttpResponseRedirect def user_add_stage(request): + if not request.user.has_perm('auth.change_user'): + raise PermissionDenied manipulator = UserCreationForm() if request.method == 'POST': new_data = request.POST.copy() @@ -37,3 +40,4 @@ def user_add_stage(request): 'opts': User._meta, 'username_help_text': User._meta.get_field('username').help_text, }, context_instance=template.RequestContext(request)) +user_add_stage = staff_member_required(user_add_stage)