Ticket #10525: staff_member_required.patch

File staff_member_required.patch, 3.6 KB (added by anonymous, 16 years ago)
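--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@@ -27,7 +27,7 @@
     Decorator for views that checks that the user is logged in and is a staff
     member, displaying the login page if necessary.
     """
-    def _checklogin(request, *args, **kwargs):
+    def _checklogin_function(request, *args, **kwargs):
         if request.user.is_authenticated() and request.user.is_staff:
             # The user is valid. Continue to the admin page.
             return view_func(request, *args, **kwargs)
@@ -73,5 +73,58 @@
                 return http.HttpResponseRedirect(request.get_full_path())
             else:
                 return _display_login_form(request, ERROR_MESSAGE)
+   
+    def _checklogin_method(self,request, *args, **kwargs):
+        if request.user.is_authenticated() and request.user.is_staff:
+            # The user is valid. Continue to the admin page.
+            return view_func(self, request, *args, **kwargs)
 
-    return wraps(view_func)(_checklogin)
+        assert hasattr(request, 'session'), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
+
+        # If this isn't already the login page, display it.
+        if LOGIN_FORM_KEY not in request.POST:
+            if request.POST:
+                message = _("Please log in again, because your session has expired.")
+            else:
+                message = ""
+            return _display_login_form(request, message)
+
+        # Check that the user accepts cookies.
+        if not request.session.test_cookie_worked():
+            message = _("Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again.")
+            return _display_login_form(request, message)
+        else:
+            request.session.delete_test_cookie()
+
+        # Check the password.
+        username = request.POST.get('username', None)
+        password = request.POST.get('password', None)
+        user = authenticate(username=username, password=password)
+        if user is None:
+            message = ERROR_MESSAGE
+            if '@' in username:
+                # Mistakenly entered e-mail address instead of username? Look it up.
+                users = list(User.objects.filter(email=username))
+                if len(users) == 1 and users[0].check_password(password):
+                    message = _("Your e-mail address is not your username. Try '%s' instead.") % users[0].username
+                else:
+                    # Either we cannot find the user, or if more than 1
+                    # we cannot guess which user is the correct one.
+                    message = _("Usernames cannot contain the '@' character.")
+            return _display_login_form(request, message)
+
+        # The user data is correct; log in the user in and continue.
+        else:
+            if user.is_active and user.is_staff:
+                login(request, user)
+                return http.HttpResponseRedirect(request.get_full_path())
+            else:
+                return _display_login_form(request, ERROR_MESSAGE)
+   
+    import types
+    if isinstance(view_func,types.FunctionType):
+        # view_func is a function
+        return wraps(view_func)(_checklogin_function)
+    else:
+        # view_func is a method
+        return wraps(view_func)(_checklogin_method)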
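Review bot: The `isinstance(view_func, types.FunctionType)` dispatch at the end of the decorator likely selects the wrong wrapper for the case this patch targets, because a method decorated inside a class body is still a plain function at decoration time, so it gets `_checklogin_function` and its `self` is treated as `request`. The `else` branch is reached only for non-function callables such as already-bound methods, where `self` is supplied by the binding and `_checklogin_method` would shift the arguments by one. `_checklogin_method` also repeats the whole login flow (session assert, test-cookie check, `authenticate`, e-mail hint), so any later fix to this staff-access check has to be made in two places; a single wrapper that finds the request at call time and hands the unauthenticated case to one shared helper avoids both problems. The decorator's signature and the middle of the existing login flow lie outside the visible hunks, so the sketch below leaves them as a placeholder.

```python
    def _login_or_form(request):
        # … unchanged: session assert, login-form/test-cookie checks, authenticate(), login() and redirect …

    def _checklogin(*args, **kwargs):
        # Works for view(request, ...) and view(self, request, ...): the
        # request is whichever leading positional argument is an HttpRequest.
        request = args[0] if isinstance(args[0], http.HttpRequest) else args[1]
        if request.user.is_authenticated() and request.user.is_staff:
            # The user is valid. Continue to the admin page.
            return view_func(*args, **kwargs)
        return _login_or_form(request)

    return wraps(view_func)(_checklogin)
```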