mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #550 -- Default admin template now checks user permissions, hiding apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty
2005-09-25 19:08:44 +00:00
parent 572ac3e7df
commit 530cdb5a8d
2 changed files with 61 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
django/conf/admin_templates/index.html
View File

@@ -9,21 +9,38 @@
{% load adminapplist %} {% load adminapplist %}
{% get_admin_app_list as app_list %} {% get_admin_app_list as app_list %}
{% if app_list %}
{% for app in app_list %} {% for app in app_list %}
<div class="module"> <div class="module">
<h2>{{ app.name }}</h2> <h2>{{ app.name }}</h2>
<table> <table>
{% for model in app.models %} {% for model in app.models %}
<tr> <tr>
{% if model.perms.change %}
<th><a href="{{ model.admin_url }}">{{ model.name }}</a></th> <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
{% else %}
<th>{{ model.name }}</th>
{% endif %}
{% if model.perms.add %}
<td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td> <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
{% else %}
<td class="x50">&nbsp;</td>
{% endif %}
{% if model.perms.change %}
<td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td> <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
{% else %}
<td class="x75">&nbsp;</td>
{% endif %}
</tr> </tr>
{% endfor %} {% endfor %}
</table> </table>
</div> </div>
{% endfor %} {% endfor %}
{% else %}
<p>You don't have permission to edit anything.</p>
{% endif %}
</div> </div>
{% endblock %} {% endblock %}

28
django/templatetags/adminapplist.py
View File

@@ -8,14 +8,36 @@ class AdminApplistNode(template.Node):
from django.core import meta from django.core import meta
from django.utils.text import capfirst from django.utils.text import capfirst
app_list = [] app_list = []
user = context['user']
for app in meta.get_installed_model_modules(): for app in meta.get_installed_model_modules():
app_label = app.__name__[app.__name__.rindex('.')+1:] app_label = app.__name__[app.__name__.rindex('.')+1:]
model_list = [{'name': capfirst(m._meta.verbose_name_plural), has_module_perms = user.has_module_perms(app_label)
'admin_url': '%s/%s/' % (app_label, m._meta.module_name)} \
for m in app._MODELS if m._meta.admin] if has_module_perms:
model_list = []
for m in app._MODELS:
if m._meta.admin:
module_name = m._meta.module_name
perms = {
'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
}
# Check whether user has any perm for this module.
# If so, add the module to the model_list.
if True in perms.values():
model_list.append({
'name': capfirst(m._meta.verbose_name_plural),
'admin_url': '%s/%s/' % (app_label, m._meta.module_name),
'perms': perms,
})
if model_list: if model_list:
app_list.append({ app_list.append({
'name': app_label.title(), 'name': app_label.title(),
'has_module_perms': has_module_perms,
'models': model_list, 'models': model_list,
}) })
context[self.varname] = app_list context[self.varname] = app_list