Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #2747 -- Make X-Headers work for staff members. Admins with dya…

…nmic IP

addresses can now use bookmarklets. Thanks, Maximillian Dornseif.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0fee26935dc5ceae35d19e0c85321df4013d3701 1 parent 8feee92
@malcolmt malcolmt authored
Showing with 9 additions and 6 deletions.
  1. +1 −0  AUTHORS
  2. +3 −2 django/core/xheaders.py
  3. +5 −4 django/middleware/doc.py
View
1  AUTHORS
@@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better:
Alex Dedul
deric@monowerks.com
dne@mayonnaise.net
+ Maximillian Dornseif <md@hudora.de>
Jeremy Dunck <http://dunck.us/>
Andy Dustman <farcepest@gmail.com>
Clint Ecker
View
5 django/core/xheaders.py
@@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id):
"""
Adds the "X-Object-Type" and "X-Object-Id" headers to the given
HttpResponse according to the given model and object_id -- but only if the
- given HttpRequest object has an IP address within the INTERNAL_IPS setting.
+ given HttpRequest object has an IP address within the INTERNAL_IPS setting
+ or if the request is from a logged in staff member.
"""
from django.conf import settings
- if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
+ if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff):
response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
response['X-Object-Id'] = str(object_id)
View
9 django/middleware/doc.py
@@ -7,11 +7,12 @@ class XViewMiddleware(object):
"""
def process_view(self, request, view_func, view_args, view_kwargs):
"""
- If the request method is HEAD and the IP is internal, quickly return
- with an x-header indicating the view function. This is used by the
- documentation module to lookup the view function for an arbitrary page.
+ If the request method is HEAD and either the IP is internal or the
+ user is a logged-in staff member, quickly return with an x-header
+ indicating the view function. This is used by the documentation module
+ to lookup the view function for an arbitrary page.
"""
- if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS:
+ if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)):
response = http.HttpResponse()
response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
return response
Please sign in to comment.
Something went wrong with that request. Please try again.