Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Disabled access to the admin site for inactive accounts, and clarifie…

…d documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 14fb13da7ef3137a6b166c77724c3d790795e212 1 parent fa8a1d2
@freakboy3742 freakboy3742 authored
View
2  django/contrib/admin/views/decorators.py
@@ -87,7 +87,7 @@ def _checklogin(request, *args, **kwargs):
# The user data is correct; log in the user in and continue.
else:
- if user.is_staff:
+ if user.is_active and user.is_staff:
login(request, user)
# TODO: set last_login with an event.
user.last_login = datetime.datetime.now()
View
4 docs/authentication.txt
@@ -66,8 +66,8 @@ Fields
long and can contain any character. See the "Passwords" section below.
* ``is_staff`` -- Boolean. Designates whether this user can access the
admin site.
- * ``is_active`` -- Boolean. Designates whether this user can log into the
- Django admin. Set this to ``False`` instead of deleting accounts.
+ * ``is_active`` -- Boolean. Designates whether this account can be used
+ to log in. Set this flag to ``False`` instead of deleting accounts.
* ``is_superuser`` -- Boolean. Designates that this user has all permissions
without explicitly assigning them.
* ``last_login`` -- A datetime of the user's last login. Is set to the
Please sign in to comment.
Something went wrong with that request. Please try again.