Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #550 -- Default admin template now checks user permissions, hid…

…ing apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

git-svn-id: http://code.djangoproject.com/svn/django/trunk@684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 530cdb5a8dd8a1083b15719459c2425b71bace94 1 parent 572ac3e
Adrian Holovaty authored September 25, 2005
45  django/conf/admin_templates/index.html
@@ -9,21 +9,38 @@
9 9
 {% load adminapplist %}
10 10
 
11 11
 {% get_admin_app_list as app_list %}
12  
-{% for app in app_list %}
13  
-    <div class="module">
14  
-    <h2>{{ app.name }}</h2>
15  
-    <table>
16  
-    {% for model in app.models %}
17  
-        <tr>
18  
-            <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
19  
-            <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
20  
-            <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
21  
-        </tr>
22  
-    {% endfor %}
23  
-    </table>
24  
-    </div>
25  
-{% endfor %}
  12
+{% if app_list %}
  13
+    {% for app in app_list %}
  14
+        <div class="module">
  15
+        <h2>{{ app.name }}</h2>
  16
+        <table>
  17
+        {% for model in app.models %}
  18
+            <tr>
  19
+            {% if model.perms.change %}
  20
+                <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
  21
+            {% else %}
  22
+                <th>{{ model.name }}</th>
  23
+            {% endif %}
  24
+
  25
+            {% if model.perms.add %}
  26
+                <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
  27
+            {% else %}
  28
+                <td class="x50">&nbsp;</td>
  29
+            {% endif %}
26 30
 
  31
+            {% if model.perms.change %}
  32
+                <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
  33
+            {% else %}
  34
+                <td class="x75">&nbsp;</td>
  35
+            {% endif %}
  36
+            </tr>
  37
+        {% endfor %}
  38
+        </table>
  39
+        </div>
  40
+    {% endfor %}
  41
+{% else %}
  42
+    <p>You don't have permission to edit anything.</p>
  43
+{% endif %}
27 44
 </div>
28 45
 {% endblock %}
29 46
 
38  django/templatetags/adminapplist.py
@@ -8,16 +8,38 @@ def render(self, context):
8 8
         from django.core import meta
9 9
         from django.utils.text import capfirst
10 10
         app_list = []
  11
+        user = context['user']
  12
+
11 13
         for app in meta.get_installed_model_modules():
12 14
             app_label = app.__name__[app.__name__.rindex('.')+1:]
13  
-            model_list = [{'name': capfirst(m._meta.verbose_name_plural),
14  
-                            'admin_url': '%s/%s/' % (app_label, m._meta.module_name)} \
15  
-                            for m in app._MODELS if m._meta.admin]
16  
-            if model_list:
17  
-                app_list.append({
18  
-                    'name': app_label.title(),
19  
-                    'models': model_list,
20  
-                })
  15
+            has_module_perms = user.has_module_perms(app_label)
  16
+
  17
+            if has_module_perms:
  18
+                model_list = []
  19
+                for m in app._MODELS:
  20
+                    if m._meta.admin:
  21
+                        module_name = m._meta.module_name
  22
+                        perms = {
  23
+                            'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
  24
+                            'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
  25
+                            'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
  26
+                        }
  27
+
  28
+                        # Check whether user has any perm for this module.
  29
+                        # If so, add the module to the model_list.
  30
+                        if True in perms.values():
  31
+                            model_list.append({
  32
+                                'name': capfirst(m._meta.verbose_name_plural),
  33
+                                'admin_url': '%s/%s/' % (app_label, m._meta.module_name),
  34
+                                'perms': perms,
  35
+                            })
  36
+
  37
+                if model_list:
  38
+                    app_list.append({
  39
+                        'name': app_label.title(),
  40
+                        'has_module_perms': has_module_perms,
  41
+                        'models': model_list,
  42
+                    })
21 43
         context[self.varname] = app_list
22 44
         return ''
23 45
 

0 notes on commit 530cdb5

Please sign in to comment.
Something went wrong with that request. Please try again.