From 339a320226fd6443bb8d64bcec26050fd22eaa40 Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Fri, 24 Mar 2006 23:09:48 +0000 Subject: [PATCH] magic-removal: Fixed admin 'add' view so that after adding an object, the user is not redirected to a confusing 'permission denied' page if they don't have 'change' rights. git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@2562 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/admin/views/main.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 8e97f54aca..79894d4de0 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -223,7 +223,7 @@ def index(request): return render_to_response('admin/index', {'title': _('Site administration')}, context_instance=template.RequestContext(request)) index = staff_member_required(index) -def add_stage(request, app_label, model_name, show_delete=False, form_url='', post_url='../', post_url_continue='../%s/', object_id_override=None): +def add_stage(request, app_label, model_name, show_delete=False, form_url='', post_url=None, post_url_continue='../%s/', object_id_override=None): model = models.get_model(app_label, model_name) if model is None: raise Http404, "App %r, model %r, not found" % (app_label, model_name) @@ -232,6 +232,14 @@ def add_stage(request, app_label, model_name, show_delete=False, form_url='', po if not request.user.has_perm(app_label + '.' + opts.get_add_permission()): raise PermissionDenied + if post_url is None: + if request.user.has_perm(app_label + '.' + opts.get_change_permission()): + # redirect to list view + post_url = '../' + else: + # Object list will give 'Permission Denied', so go back to admin home + post_url = '../../../' + manipulator = model.AddManipulator() if request.POST: new_data = request.POST.copy()