Code

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#10694 closed (fixed)

user_change_password in UserAdmin should lookup change permission

Reported by: jturnbull Owned by: nobody
Component: contrib.admin Version: master
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

When subclassing UserAdmin the internal user_change_password view has a hardcoded "auth.change_user" permission check.

That requires the user to have edit permissions for the user model aswell as the subclass.

It should instead use the local has_change_permission check, which is neater anyway. Attached patch fixes this.

Attachments (1)

user_change_password_permissions.diff (574 bytes) - added by jturnbull 5 years ago.

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by jturnbull

comment:1 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by Alex

  • Triage Stage changed from Accepted to Ready for checkin

comment:3 Changed 5 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [10591]) Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull.

comment:4 Changed 3 years ago by jacob

  • milestone 1.1 deleted

Milestone 1.1 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.