Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #9036: unified the permission checking in `AdminSite`, pushing …

…it down to the `ModelAdmin` where it belongs.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10451 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 7d1b4295b9779788b4cbd4b7bb99240807c62aa3 1 parent 28f6b71
@jacobian jacobian authored
Showing with 15 additions and 10 deletions.
  1. +12 −0 django/contrib/admin/options.py
  2. +3 −10 django/contrib/admin/sites.py
View
12 django/contrib/admin/options.py
@@ -291,6 +291,18 @@ def has_delete_permission(self, request, obj=None):
opts = self.opts
return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission())
+ def get_model_perms(self, request):
+ """
+ Returns a dict of all perms for this model. This dict has the keys
+ ``add``, ``change``, and ``delete`` mapping to the True/False for each
+ of those actions.
+ """
+ return {
+ 'add': self.has_add_permission(request),
+ 'change': self.has_change_permission(request),
+ 'delete': self.has_delete_permission(request),
+ }
+
def queryset(self, request):
"""
Returns a QuerySet of all model instances that can be edited by the
View
13 django/contrib/admin/sites.py
@@ -328,11 +328,7 @@ def index(self, request, extra_context=None):
has_module_perms = user.has_module_perms(app_label)
if has_module_perms:
- perms = {
- 'add': model_admin.has_add_permission(request),
- 'change': model_admin.has_change_permission(request),
- 'delete': model_admin.has_delete_permission(request),
- }
+ perms = model_admin.get_model_perms(request)
# Check whether user has any perm for this module.
# If so, add the module to the model_list.
@@ -391,11 +387,8 @@ def app_index(self, request, app_label, extra_context=None):
for model, model_admin in self._registry.items():
if app_label == model._meta.app_label:
if has_module_perms:
- perms = {
- 'add': user.has_perm("%s.%s" % (app_label, model._meta.get_add_permission())),
- 'change': user.has_perm("%s.%s" % (app_label, model._meta.get_change_permission())),
- 'delete': user.has_perm("%s.%s" % (app_label, model._meta.get_delete_permission())),
- }
+ perms = model_admin.get_model_perms(request)
+
# Check whether user has any perm for this module.
# If so, add the module to the model_list.
if True in perms.values():
Please sign in to comment.
Something went wrong with that request. Please try again.