Ticket #17905: admindocs_model_permissions.3.diff

File admindocs_model_permissions.3.diff, 1.0 KB (added by chriscohoat, 3 years ago)

Removed unnecessary import of forbidden HttpResponse. Default action raises an Http404 so that model names cannot be guessed.

  • django/contrib/admindocs/views.py

    diff --git a/django/contrib/admindocs/views.py b/django/contrib/admindocs/views.py
    index dfd4302..33d9a7d 100644
    a b def view_detail(request, view): 
    169169def model_index(request):
    170170    if not utils.docutils_is_available:
    171171        return missing_docutils_page(request)
    172     m_list = [m._meta for m in models.get_models() if request.user.has_module_perms(m._meta.app_label)]
     172    m_list = [m._meta for m in models.get_models()]
    173173    return render_to_response('admin_doc/model_index.html', {
    174174        'root_path': urlresolvers.reverse('admin:index'),
    175175        'models': m_list
    def model_detail(request, app_label, model_name): 
    180180    if not utils.docutils_is_available:
    181181        return missing_docutils_page(request)
    182182
    183     #Make sure user can access this model
    184     if not request.user.has_module_perms(app_label):
    185         raise Http404(_("App %r not found") % app_label)
    186 
    187183    # Get the model class.
    188184    try:
    189185        app_mod = models.get_app(app_label)
Back to Top