Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #550 -- Default admin template now checks user permissions, hid…

…ing apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

git-svn-id: http://code.djangoproject.com/svn/django/trunk@684 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 530cdb5a8dd8a1083b15719459c2425b71bace94 1 parent 572ac3e
@adrianholovaty adrianholovaty authored
View
45 django/conf/admin_templates/index.html
@@ -9,21 +9,38 @@
{% load adminapplist %}
{% get_admin_app_list as app_list %}
-{% for app in app_list %}
- <div class="module">
- <h2>{{ app.name }}</h2>
- <table>
- {% for model in app.models %}
- <tr>
- <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
- <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
- <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
- </tr>
- {% endfor %}
- </table>
- </div>
-{% endfor %}
+{% if app_list %}
+ {% for app in app_list %}
+ <div class="module">
+ <h2>{{ app.name }}</h2>
+ <table>
+ {% for model in app.models %}
+ <tr>
+ {% if model.perms.change %}
+ <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
+ {% else %}
+ <th>{{ model.name }}</th>
+ {% endif %}
+
+ {% if model.perms.add %}
+ <td class="x50"><a href="{{ model.admin_url }}add/" class="addlink">Add</a></td>
+ {% else %}
+ <td class="x50">&nbsp;</td>
+ {% endif %}
+ {% if model.perms.change %}
+ <td class="x75"><a href="{{ model.admin_url }}" class="changelink">Change</a></td>
+ {% else %}
+ <td class="x75">&nbsp;</td>
+ {% endif %}
+ </tr>
+ {% endfor %}
+ </table>
+ </div>
+ {% endfor %}
+{% else %}
+ <p>You don't have permission to edit anything.</p>
+{% endif %}
</div>
{% endblock %}
View
38 django/templatetags/adminapplist.py
@@ -8,16 +8,38 @@ def render(self, context):
from django.core import meta
from django.utils.text import capfirst
app_list = []
+ user = context['user']
+
for app in meta.get_installed_model_modules():
app_label = app.__name__[app.__name__.rindex('.')+1:]
- model_list = [{'name': capfirst(m._meta.verbose_name_plural),
- 'admin_url': '%s/%s/' % (app_label, m._meta.module_name)} \
- for m in app._MODELS if m._meta.admin]
- if model_list:
- app_list.append({
- 'name': app_label.title(),
- 'models': model_list,
- })
+ has_module_perms = user.has_module_perms(app_label)
+
+ if has_module_perms:
+ model_list = []
+ for m in app._MODELS:
+ if m._meta.admin:
+ module_name = m._meta.module_name
+ perms = {
+ 'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
+ 'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
+ 'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
+ }
+
+ # Check whether user has any perm for this module.
+ # If so, add the module to the model_list.
+ if True in perms.values():
+ model_list.append({
+ 'name': capfirst(m._meta.verbose_name_plural),
+ 'admin_url': '%s/%s/' % (app_label, m._meta.module_name),
+ 'perms': perms,
+ })
+
+ if model_list:
+ app_list.append({
+ 'name': app_label.title(),
+ 'has_module_perms': has_module_perms,
+ 'models': model_list,
+ })
context[self.varname] = app_list
return ''
Please sign in to comment.
Something went wrong with that request. Please try again.