
Fixes #235 admin perms for non-superusers

Also, prevent elevation of privileges
mivanov committed Mar 22, 2012
1 parent 2cf1814 commit 1920db09e7c6c2e909cd1e3d0079a36b4f353350
Showing with 10 additions and 1 deletion.
  1. +7 −1 sapling/users/admin.py
  2. +3 −0 sapling/users/backends.py
@@ -14,11 +14,17 @@ class CensoredUserAdmin(UserAdmin):
fieldsets = (
(None, {'fields': ('username',)}),
(_('Personal info'), {'fields': ('first_name', 'last_name')}),
- (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser', 'user_permissions')}),
+ (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser',
+ 'user_permissions')}),
(_('Important dates'), {'fields': ('last_login', 'date_joined')}),
(_('Groups'), {'fields': ('groups',)}),
)
+ def get_readonly_fields(self, request, obj=None):
+ if not request.user.is_superuser:
+ return self.readonly_fields + ('is_staff', 'is_superuser',)
+ return self.readonly_fields
+
admin.site.unregister(User)
admin.site.register(User, CensoredUserAdmin)
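Review bot: The new `get_readonly_fields` locks only `is_staff` and `is_superuser` for non-superusers, while the fieldsets in this same hunk still list `user_permissions` and `groups` as editable. A staff account that is allowed to change users could therefore still grant itself, or any other account, extra permissions through those two fields, so the elevation named in the commit message is only partly closed. Consider `return tuple(self.readonly_fields) + ('is_staff', 'is_superuser', 'user_permissions', 'groups')`; the `tuple()` also keeps the concatenation working if `readonly_fields` is ever declared as a list. The password-change view inherited from `UserAdmin` is not visible here and is worth checking for the case of a non-superuser editing a superuser. The class body starts above the hunk.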
@@ -85,6 +85,9 @@ def object_has_perms(self, obj):
or
UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
+ def has_module_perms(self, user_obj, app_label):
+ return self._model_backend.has_module_perms(user_obj, app_label)
+
ANONYMOUS_USER_ID = settings.ANONYMOUS_USER_ID # we *want* error if not set
BANNED_GROUP = getattr(settings, "USERS_BANNED_GROUP", None)
LOGGED_IN_HAS_PERM = getattr(settings, "USERS_LOGGED_IN_HAS_PERM", False)
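Review bot: `has_module_perms` hands the decision straight to `self._model_backend`, so none of this backend's own restrictions are applied to it. `BANNED_GROUP` is defined just below; if `has_perm` (not visible in this hunk) denies members of that group, this method should make the same check before delegating, otherwise a banned staff account may still be shown admin app sections. A one-line docstring would also help, for example `"""Delegate app-level checks to the model backend; object-level rules do not apply to whole apps."""`. The enclosing class begins outside the hunk.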
