Fixed #2747 -- Make X-Headers work for staff members. Admins with dynamic IP
addresses can now use bookmarklets. Thanks, Maximillian Dornseif. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
1
AUTHORS
1
AUTHORS
@@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better:
|
||||
Alex Dedul
|
||||
deric@monowerks.com
|
||||
dne@mayonnaise.net
|
||||
Maximillian Dornseif <md@hudora.de>
|
||||
Jeremy Dunck <http://dunck.us/>
|
||||
Andy Dustman <farcepest@gmail.com>
|
||||
Clint Ecker
|
||||
|
@@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id):
|
||||
"""
|
||||
Adds the "X-Object-Type" and "X-Object-Id" headers to the given
|
||||
HttpResponse according to the given model and object_id -- but only if the
|
||||
given HttpRequest object has an IP address within the INTERNAL_IPS setting.
|
||||
given HttpRequest object has an IP address within the INTERNAL_IPS setting
|
||||
or if the request is from a logged in staff member.
|
||||
"""
|
||||
from django.conf import settings
|
||||
if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
|
||||
if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff):
|
||||
response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
|
||||
response['X-Object-Id'] = str(object_id)
|
||||
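Review bot: The rewritten `if` in populate_xheaders reads `request.user` without checking that the attribute exists. On a project that does not install the middleware that sets `request.user` (presumably the authentication middleware), any request whose REMOTE_ADDR is not in INTERNAL_IPS would raise AttributeError. The old condition only touched `request.META`, so it was safe for every caller. I would guard the staff branch as `(hasattr(request, 'user') and request.user.is_authenticated() and request.user.is_staff)`. The same unguarded access is added to XViewMiddleware.process_view in the last file section, and the `def` line of populate_xheaders sits above this hunk.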
|
@@ -7,11 +7,12 @@ class XViewMiddleware(object):
|
||||
"""
|
||||
def process_view(self, request, view_func, view_args, view_kwargs):
|
||||
"""
|
||||
If the request method is HEAD and the IP is internal, quickly return
|
||||
with an x-header indicating the view function. This is used by the
|
||||
documentation module to lookup the view function for an arbitrary page.
|
||||
If the request method is HEAD and either the IP is internal or the
|
||||
user is a logged-in staff member, quickly return with an x-header
|
||||
indicating the view function. This is used by the documentation module
|
||||
to lookup the view function for an arbitrary page.
|
||||
"""
|
||||
if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
|
||||
if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)):
|
||||
response = http.HttpResponse()
|
||||
response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
|
||||
return response
|
||||
|
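Review bot: The rewritten `if` in process_view repeats, as one very long line, the same disclosure predicate that this commit also adds to populate_xheaders, so the two gates can drift apart when one is edited later. A single shared helper would keep the rule in one auditable place, for example `if request.method == 'HEAD' and may_see_xheaders(request):`, where the helper name is only a suggestion. I would also add a comment above the check such as `# X-View exposes the view's module path: INTERNAL_IPS or authenticated staff only.` The XViewMiddleware class header is above the hunk, so the rest of the class is not visible here.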