Changeset 4582
- Timestamp:
- 02/25/07 14:27:41 (2 years ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/branches/newforms-admin/django/contrib/admin/options.py
r4569 r4582 247 247 return request.user.has_perm(opts.app_label + '.' + opts.get_add_permission()) 248 248 249 def has_change_permission(self, request, object_id): 250 """ 251 Returns True if the given request has permission to change the object 252 with the given object_id. 249 def has_change_permission(self, request, obj): 250 """ 251 Returns True if the given request has permission to change the given 252 Django model instance. 253 254 If `obj` is None, this should return True if the given request has 255 permission to change *any* object of the given type. 253 256 """ 254 257 opts = self.opts … … 387 390 app_label = opts.app_label 388 391 389 if not self.has_change_permission(request, object_id):390 raise PermissionDenied391 392 if request.POST and request.POST.has_key("_saveasnew"):393 return self.add_view(request, form_url='../../add/')394 395 392 try: 396 393 obj = model._default_manager.get(pk=object_id) 397 394 except model.DoesNotExist: 395 # Don't raise Http404 just yet, because we haven't checked 396 # permissions yet. We don't want an unauthenticated user to be able 397 # to determine whether a given object exists. 398 obj = None 399 400 if not self.has_change_permission(request, obj): 401 raise PermissionDenied 402 403 if obj is None: 398 404 raise Http404('%s object with primary key %r does not exist.' % (opts.verbose_name, escape(object_id))) 405 406 if request.POST and request.POST.has_key("_saveasnew"): 407 return self.add_view(request, form_url='../../add/') 399 408 400 409 ModelForm = forms.form_for_instance(obj, formfield_callback=self.formfield_for_dbfield)
