Django

Code

Changeset 3786

Show
Ignore:
Timestamp:
09/21/06 22:17:28 (2 years ago)
Author:
mtredinnick
Message:

Fixed #2747 -- Make X-Headers work for staff members. Admins with dyanmic IP
addresses can now use bookmarklets. Thanks, Maximillian Dornseif.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • django/trunk/AUTHORS

    r3781 r3786  
    6969    deric@monowerks.com 
    7070    dne@mayonnaise.net 
     71    Maximillian Dornseif <md@hudora.de> 
    7172    Jeremy Dunck <http://dunck.us/> 
    7273    Andy Dustman <farcepest@gmail.com> 

  • django/trunk/django/core/xheaders.py

    r2809 r3786  
    1414    Adds the "X-Object-Type" and "X-Object-Id" headers to the given 
    1515    HttpResponse according to the given model and object_id -- but only if the 
    16     given HttpRequest object has an IP address within the INTERNAL_IPS setting. 
     16    given HttpRequest object has an IP address within the INTERNAL_IPS setting 
     17    or if the request is from a logged in staff member. 
    1718    """ 
    1819    from django.conf import settings 
    19     if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS
     20    if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)
    2021        response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower()) 
    2122        response['X-Object-Id'] = str(object_id) 

  • django/trunk/django/middleware/doc.py

    r3171 r3786  
    88    def process_view(self, request, view_func, view_args, view_kwargs): 
    99        """ 
    10         If the request method is HEAD and the IP is internal, quickly return 
    11         with an x-header indicating the view function.  This is used by the 
    12         documentation module to lookup the view function for an arbitrary page. 
     10        If the request method is HEAD and either the IP is internal or the 
     11        user is a logged-in staff member, quickly return with an x-header 
     12        indicating the view function.  This is used by the documentation module 
     13        to lookup the view function for an arbitrary page. 
    1314        """ 
    14         if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS
     15        if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff))
    1516            response = http.HttpResponse() 
    1617            response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__)