Code

Ticket #17905: admindocs_model_permissions.3.diff

File admindocs_model_permissions.3.diff, 1.0 KB (added by chriscohoat, 2 years ago)

Removed unnecessary import of forbidden HttpResponse. Default action raises an Http404 so that model names cannot be guessed.

Line 
1diff --git a/django/contrib/admindocs/views.py b/django/contrib/admindocs/views.py
2index dfd4302..33d9a7d 100644
3--- a/django/contrib/admindocs/views.py
4+++ b/django/contrib/admindocs/views.py
5@@ -169,7 +169,7 @@ def view_detail(request, view):
6 def model_index(request):
7     if not utils.docutils_is_available:
8         return missing_docutils_page(request)
9-    m_list = [m._meta for m in models.get_models() if request.user.has_module_perms(m._meta.app_label)]
10+    m_list = [m._meta for m in models.get_models()]
11     return render_to_response('admin_doc/model_index.html', {
12         'root_path': urlresolvers.reverse('admin:index'),
13         'models': m_list
14@@ -180,10 +180,6 @@ def model_detail(request, app_label, model_name):
15     if not utils.docutils_is_available:
16         return missing_docutils_page(request)
17 
18-    #Make sure user can access this model
19-    if not request.user.has_module_perms(app_label):
20-        raise Http404(_("App %r not found") % app_label)
21-
22     # Get the model class.
23     try:
24         app_mod = models.get_app(app_label)