Django

Code

Changeset 3884

Show
Ignore:
Timestamp:
09/29/06 08:37:58 (2 years ago)
Author:
russellm
Message:

Disabled access to the admin site for inactive accounts, and clarified documentation regarding User.is_active. Thanks to Enrico <rico.bl@gmail.com> for the report.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • django/trunk/django/contrib/admin/views/decorators.py

    r3360 r3884  
    8888        # The user data is correct; log in the user in and continue. 
    8989        else: 
    90             if user.is_staff: 
     90            if user.is_active and user.is_staff: 
    9191                login(request, user) 
    9292                # TODO: set last_login with an event. 

  • django/trunk/docs/authentication.txt

    r3835 r3884  
    6767    * ``is_staff`` -- Boolean. Designates whether this user can access the 
    6868      admin site. 
    69     * ``is_active`` -- Boolean. Designates whether this user can log into the 
    70       Django admin. Set this to ``False`` instead of deleting accounts. 
     69    * ``is_active`` -- Boolean. Designates whether this account can be used 
     70      to log in. Set this flag to ``False`` instead of deleting accounts. 
    7171    * ``is_superuser`` -- Boolean. Designates that this user has all permissions 
    7272      without explicitly assigning them.