Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #2747 -- Make X-Headers work for staff members. Admins with dya…

…nmic IP

addresses can now use bookmarklets. Thanks, Maximillian Dornseif.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0fee26935dc5ceae35d19e0c85321df4013d3701 1 parent 8feee92
Malcolm Tredinnick authored September 22, 2006
1  AUTHORS
@@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better:
68 68
     Alex Dedul
69 69
     deric@monowerks.com
70 70
     dne@mayonnaise.net
  71
+    Maximillian Dornseif <md@hudora.de>
71 72
     Jeremy Dunck <http://dunck.us/>
72 73
     Andy Dustman <farcepest@gmail.com>
73 74
     Clint Ecker
5  django/core/xheaders.py
@@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id):
13 13
     """
14 14
     Adds the "X-Object-Type" and "X-Object-Id" headers to the given
15 15
     HttpResponse according to the given model and object_id -- but only if the
16  
-    given HttpRequest object has an IP address within the INTERNAL_IPS setting.
  16
+    given HttpRequest object has an IP address within the INTERNAL_IPS setting
  17
+    or if the request is from a logged in staff member.
17 18
     """
18 19
     from django.conf import settings
19  
-    if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
  20
+    if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff):
20 21
         response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
21 22
         response['X-Object-Id'] = str(object_id)
9  django/middleware/doc.py
@@ -7,11 +7,12 @@ class XViewMiddleware(object):
7 7
     """
8 8
     def process_view(self, request, view_func, view_args, view_kwargs):
9 9
         """
10  
-        If the request method is HEAD and the IP is internal, quickly return
11  
-        with an x-header indicating the view function.  This is used by the
12  
-        documentation module to lookup the view function for an arbitrary page.
  10
+        If the request method is HEAD and either the IP is internal or the
  11
+        user is a logged-in staff member, quickly return with an x-header
  12
+        indicating the view function.  This is used by the documentation module
  13
+        to lookup the view function for an arbitrary page.
13 14
         """
14  
-        if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
  15
+        if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)):
15 16
             response = http.HttpResponse()
16 17
             response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
17 18
             return response

0 notes on commit 0fee269

Please sign in to comment.
Something went wrong with that request. Please try again.