Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Disabled access to the admin site for inactive accounts, and clarifie…

…d documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3884 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 14fb13da7ef3137a6b166c77724c3d790795e212 1 parent fa8a1d2
Russell Keith-Magee freakboy3742 authored
2  django/contrib/admin/views/decorators.py
View
@@ -87,7 +87,7 @@ def _checklogin(request, *args, **kwargs):
# The user data is correct; log in the user in and continue.
else:
- if user.is_staff:
+ if user.is_active and user.is_staff:
login(request, user)
# TODO: set last_login with an event.
user.last_login = datetime.datetime.now()
4 docs/authentication.txt
View
@@ -66,8 +66,8 @@ Fields
long and can contain any character. See the "Passwords" section below.
* ``is_staff`` -- Boolean. Designates whether this user can access the
admin site.
- * ``is_active`` -- Boolean. Designates whether this user can log into the
- Django admin. Set this to ``False`` instead of deleting accounts.
+ * ``is_active`` -- Boolean. Designates whether this account can be used
+ to log in. Set this flag to ``False`` instead of deleting accounts.
* ``is_superuser`` -- Boolean. Designates that this user has all permissions
without explicitly assigning them.
* ``last_login`` -- A datetime of the user's last login. Is set to the
Please sign in to comment.
Something went wrong with that request. Please try again.