1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Fixed #2747 -- Make X-Headers work for staff members. Admins with dyanmic IP

addresses can now use bookmarklets. Thanks, Maximillian Dornseif.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick
2006-09-22 03:17:28 +00:00
parent 8feee92045
commit 0fee26935d
3 changed files with 9 additions and 6 deletions

View File

@@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better:
Alex Dedul Alex Dedul
deric@monowerks.com deric@monowerks.com
dne@mayonnaise.net dne@mayonnaise.net
Maximillian Dornseif <md@hudora.de>
Jeremy Dunck <http://dunck.us/> Jeremy Dunck <http://dunck.us/>
Andy Dustman <farcepest@gmail.com> Andy Dustman <farcepest@gmail.com>
Clint Ecker Clint Ecker

View File

@@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id):
""" """
Adds the "X-Object-Type" and "X-Object-Id" headers to the given Adds the "X-Object-Type" and "X-Object-Id" headers to the given
HttpResponse according to the given model and object_id -- but only if the HttpResponse according to the given model and object_id -- but only if the
given HttpRequest object has an IP address within the INTERNAL_IPS setting. given HttpRequest object has an IP address within the INTERNAL_IPS setting
or if the request is from a logged in staff member.
""" """
from django.conf import settings from django.conf import settings
if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff):
response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower()) response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
response['X-Object-Id'] = str(object_id) response['X-Object-Id'] = str(object_id)

View File

@@ -7,11 +7,12 @@ class XViewMiddleware(object):
""" """
def process_view(self, request, view_func, view_args, view_kwargs): def process_view(self, request, view_func, view_args, view_kwargs):
""" """
If the request method is HEAD and the IP is internal, quickly return If the request method is HEAD and either the IP is internal or the
with an x-header indicating the view function. This is used by the user is a logged-in staff member, quickly return with an x-header
documentation module to lookup the view function for an arbitrary page. indicating the view function. This is used by the documentation module
to lookup the view function for an arbitrary page.
""" """
if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)):
response = http.HttpResponse() response = http.HttpResponse()
response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__) response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
return response return response