Ticket #8049: 8049.diff

File 8049.diff, 10.8 KB (added by Ivan Sagalaev, 15 years ago)

Patch

  • django/contrib/admin/sites.py

    === modified file 'django/contrib/admin/sites.py'
     
    139139        Returns True if the given HttpRequest has permission to view
    140140        *at least one* page in the admin site.
    141141        """
    142         return request.user.is_staff
     142        return request.user.is_active and request.user.is_staff
    143143
    144144    def check_dependencies(self):
    145145        """
  • django/contrib/admin/templates/admin/base.html

    === modified file 'django/contrib/admin/templates/admin/base.html'
     
    2222        <div id="branding">
    2323        {% block branding %}{% endblock %}
    2424        </div>
    25         {% if user.is_staff %}
     25        {% if user.is_active and user.is_staff %}
    2626        <div id="user-tools">
    2727            {% trans 'Welcome,' %}
    2828            <strong>{% firstof user.first_name user.username %}</strong>.
  • django/contrib/admin/views/decorators.py

    === modified file 'django/contrib/admin/views/decorators.py'
     
    2828    member, displaying the login page if necessary.
    2929    """
    3030    def _checklogin(request, *args, **kwargs):
    31         if request.user.is_staff:
     31        if request.user.is_active and request.user.is_staff:
    3232            # The user is valid. Continue to the admin page.
    3333            return view_func(request, *args, **kwargs)
    3434
  • django/contrib/auth/tests/auth_backends.py

    === modified file 'django/contrib/auth/tests/auth_backends.py'
     
    2929        user.is_superuser = False
    3030        user.save()
    3131        self.assertEqual(user.has_perm('auth.test'), False)
     32        user.is_staff = True
     33        user.is_superuser = True
     34        user.is_active = False
     35        user.save()
     36        self.assertEqual(user.has_perm('auth.test'), False)
    3237
    3338    def test_custom_perms(self):
    3439        user = User.objects.get(username='test')
  • django/core/xheaders.py

    === modified file 'django/core/xheaders.py'
     
    1818    """
    1919    from django.conf import settings
    2020    if (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS
    21             or (hasattr(request, 'user') and request.user.is_authenticated()
     21            or (hasattr(request, 'user') and request.user.is_active
    2222                and request.user.is_staff)):
    2323        response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower())
    2424        response['X-Object-Id'] = str(object_id)
  • django/middleware/doc.py

    === modified file 'django/middleware/doc.py'
     
    1212        indicating the view function.  This is used by the documentation module
    1313        to lookup the view function for an arbitrary page.
    1414        """
    15         if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or request.user.is_staff):
     15        if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or
     16                                         (request.user.is_active and request.user.is_staff)):
    1617            response = http.HttpResponse()
    1718            response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)
    1819            return response
  • tests/regressiontests/admin_views/tests.py

    === modified file 'tests/regressiontests/admin_views/tests.py'
     
    602602        self.failUnlessEqual(logged.object_id, u'1')
    603603        self.client.get('/test_admin/admin/logout/')
    604604
     605    def testDisabledPermissionsWhenLoggedIn(self):
     606        self.client.login(username='super', password='secret')
     607        superuser = User.objects.get(username='super')
     608        superuser.is_active = False
     609        superuser.save()
     610
     611        response = self.client.get('/test_admin/admin/')
     612        self.assertContains(response, 'id="login-form"')
     613        self.assertNotContains(response, 'Log out')
     614
     615        response = self.client.get('/test_admin/admin/secure-view/')
     616        open('/home/maniac/Desktop/response.html', 'w').write(response.content)
     617        self.assertContains(response, 'id="login-form"')
     618
    605619class AdminViewStringPrimaryKeyTest(TestCase):
    606620    fixtures = ['admin-views-users.xml', 'string-primary-key.xml']
    607621
     
    622636        response = self.client.get('/test_admin/admin/admin_views/modelwithstringprimarykey/%s/history/' % quote(self.pk))
    623637        self.assertContains(response, escape(self.pk))
    624638        self.failUnlessEqual(response.status_code, 200)
    625  
     639
    626640    def test_get_change_view(self):
    627641        "Retrieving the object using urlencoded form of primary key should work"
    628642        response = self.client.get('/test_admin/admin/admin_views/modelwithstringprimarykey/%s/' % quote(self.pk))
  • tests/regressiontests/special_headers/fixtures/data.xml

    === added directory 'tests/regressiontests/special_headers'
    === added file 'tests/regressiontests/special_headers/__init__.py'
    === added directory 'tests/regressiontests/special_headers/fixtures'
    === added file 'tests/regressiontests/special_headers/fixtures/data.xml'
     
     1<?xml version="1.0" encoding="utf-8"?>
     2<django-objects version="1.0">
     3    <object pk="100" model="auth.user">
     4        <field type="CharField" name="username">super</field>
     5        <field type="CharField" name="first_name">Super</field>
     6        <field type="CharField" name="last_name">User</field>
     7        <field type="CharField" name="email">super@example.com</field>
     8        <field type="CharField" name="password">sha1$995a3$6011485ea3834267d719b4c801409b8b1ddd0158</field>
     9        <field type="BooleanField" name="is_staff">True</field>
     10        <field type="BooleanField" name="is_active">True</field>
     11        <field type="BooleanField" name="is_superuser">True</field>
     12        <field type="DateTimeField" name="last_login">2007-05-30 13:20:10</field>
     13        <field type="DateTimeField" name="date_joined">2007-05-30 13:20:10</field>
     14        <field to="auth.group" name="groups" rel="ManyToManyRel"></field>
     15        <field to="auth.permission" name="user_permissions" rel="ManyToManyRel"></field>
     16    </object>
     17    <object pk="1" model="special_headers.article">
     18        <field type="TextField" name="text">text</field>
     19    </object>
     20</django-objects>
  • tests/regressiontests/special_headers/models.py

    === added file 'tests/regressiontests/special_headers/models.py'
     
     1from django.db import models
     2
     3class Article(models.Model):
     4    text = models.TextField()
  • tests/regressiontests/special_headers/templates/special_headers/article_detail.html

    === added directory 'tests/regressiontests/special_headers/templates'
    === added directory 'tests/regressiontests/special_headers/templates/special_headers'
    === added file 'tests/regressiontests/special_headers/templates/special_headers/article_detail.html'
     
     1{{ object }}
  • tests/regressiontests/special_headers/tests.py

    === added file 'tests/regressiontests/special_headers/tests.py'
     
     1from django.test import TestCase
     2from django.contrib.auth.models import User
     3
     4class SpecialHeadersTest(TestCase):
     5    fixtures = ['data.xml']
     6
     7    def test_xheaders(self):
     8        user = User.objects.get(username='super')
     9        response = self.client.get('/special_headers/article/1/')
     10        # import pdb; pdb.set_trace()
     11        self.failUnless('X-Object-Type' not in response)
     12        self.client.login(username='super', password='secret')
     13        response = self.client.get('/special_headers/article/1/')
     14        self.failUnless('X-Object-Type' in response)
     15        user.is_staff = False
     16        user.save()
     17        response = self.client.get('/special_headers/article/1/')
     18        self.failUnless('X-Object-Type' not in response)
     19        user.is_staff = True
     20        user.is_active = False
     21        user.save()
     22        response = self.client.get('/special_headers/article/1/')
     23        self.failUnless('X-Object-Type' not in response)
     24
     25    def test_xview(self):
     26        user = User.objects.get(username='super')
     27        response = self.client.head('/special_headers/xview/')
     28        self.failUnless('X-View' not in response)
     29        self.client.login(username='super', password='secret')
     30        response = self.client.head('/special_headers/xview/')
     31        self.failUnless('X-View' in response)
     32        user.is_staff = False
     33        user.save()
     34        response = self.client.head('/special_headers/xview/')
     35        self.failUnless('X-View' not in response)
     36        user.is_staff = True
     37        user.is_active = False
     38        user.save()
     39        response = self.client.head('/special_headers/xview/')
     40        self.failUnless('X-View' not in response)
  • tests/regressiontests/special_headers/urls.py

    === added file 'tests/regressiontests/special_headers/urls.py'
     
     1# coding: utf-8
     2from django.conf.urls.defaults import *
     3from django.views.generic.list_detail import object_detail
     4from models import Article
     5import views
     6
     7urlpatterns = patterns('',
     8    (r'^article/(?P<object_id>\d+)/$', object_detail, {'queryset': Article.objects.all()}),
     9    (r'^xview/$', views.xview),
     10)
  • tests/regressiontests/special_headers/views.py

    === added file 'tests/regressiontests/special_headers/views.py'
     
     1# -*- coding:utf-8 -*-
     2from django.http import HttpResponse
     3from django.utils.decorators import decorator_from_middleware
     4from django.middleware.doc import XViewMiddleware
     5
     6xview_dec = decorator_from_middleware(XViewMiddleware)
     7
     8def xview(request):
     9    return HttpResponse()
     10xview = xview_dec(xview)
  • tests/urls.py

    === modified file 'tests/urls.py'
     
    3535
    3636    # conditional get views
    3737    (r'condition/', include('regressiontests.conditional_processing.urls')),
     38
     39    # special headers views
     40    (r'special_headers/', include('regressiontests.special_headers.urls')),
    3841)
Back to Top