mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 09:49:12 +00:00
Code Issues 32 Releases Wiki Activity

newforms-admin: Changed ModelAdmin.has_change_permission to take obj instead of object_id, which is a lot more convenient

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@4582 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2007-02-25 20:27:41 +00:00
parent 1bedf002a4
commit 064e97dccb
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
django/contrib/admin/options.py
View File

@ -246,10 +246,13 @@ class ModelAdmin(object):
opts = self.opts opts = self.opts
return request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) return request.user.has_perm(opts.app_label + '.' + opts.get_add_permission())
def has_change_permission(self, request, object_id): def has_change_permission(self, request, obj):
""" """
Returns True if the given request has permission to change the object Returns True if the given request has permission to change the given
with the given object_id. Django model instance.
If `obj` is None, this should return True if the given request has
permission to change *any* object of the given type.
""" """
opts = self.opts opts = self.opts
return request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) return request.user.has_perm(opts.app_label + '.' + opts.get_change_permission())
@ -386,17 +389,23 @@ class ModelAdmin(object):
opts = model._meta opts = model._meta
app_label = opts.app_label app_label = opts.app_label
if not self.has_change_permission(request, object_id):
raise PermissionDenied
if request.POST and request.POST.has_key("_saveasnew"):
return self.add_view(request, form_url='../../add/')
try: try:
obj = model._default_manager.get(pk=object_id) obj = model._default_manager.get(pk=object_id)
except model.DoesNotExist: except model.DoesNotExist:
# Don't raise Http404 just yet, because we haven't checked
# permissions yet. We don't want an unauthenticated user to be able
# to determine whether a given object exists.
obj = None
if not self.has_change_permission(request, obj):
raise PermissionDenied
if obj is None:
raise Http404('%s object with primary key %r does not exist.' % (opts.verbose_name, escape(object_id))) raise Http404('%s object with primary key %r does not exist.' % (opts.verbose_name, escape(object_id)))
if request.POST and request.POST.has_key("_saveasnew"):
return self.add_view(request, form_url='../../add/')
ModelForm = forms.form_for_instance(obj, formfield_callback=self.formfield_for_dbfield) ModelForm = forms.form_for_instance(obj, formfield_callback=self.formfield_for_dbfield)
if request.POST: if request.POST: