Opened 14 years ago
Closed 10 years ago
#14434 closed Bug (duplicate)
AdminSite should rely on self.has_permission for all permission checks
| Reported by: | Brandon Konkle | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 1.2 |
| Severity: | Normal | Keywords: | admin views |
| Cc: | Alexander Koshelev | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
At the end of the login method on django.contrib.admin.sites.AdminSite , if the user data is correct the method checks for user.is_active and user.is_staff and then logs the user in. The admin_view method calls the has_permission method, which also checks for user.is_active and user.is_staff by default. Putting this into a separate method provides an extension point, however, to customize the permissions checked.
The fact that the login method doesn't check has_permission but checks is_active and is_staff explicitly is redundant and breaks the customization if a developer wants to create a separate, limited admin site where user.is_staff isn't a requirement. A use case would be in multi-tenancy situations, where users with a special permission may be able to access a site-specific admin site where they can only access data for their site.
Attachments (1)
Change History (11)
by , 14 years ago
| Attachment: | django-admin-login-view.diff added |
|---|
comment:1 by , 14 years ago
| Cc: | added |
|---|
comment:2 by , 14 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:3 by , 14 years ago
| Component: | Contrib apps → django.contrib.admin |
|---|
comment:4 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This has been fixed as a side effect of [14769].
comment:5 by , 13 years ago
| Easy pickings: | unset |
|---|---|
| Resolution: | fixed |
| Severity: | → Normal |
| Status: | closed → reopened |
| Type: | → Uncategorized |
| UI/UX: | unset |
I don't believe this has been fully resolved.
Even when AdminSite.has_permission() is overridden, it won't lead to the expected effect:
https://code.djangoproject.com/browser/django/trunk/django/contrib/admin/forms.py#L40
and
https://code.djangoproject.com/browser/django/trunk/django/contrib/admin/templates/admin/base.html#L26
still do explicit "is_staff" checks.
comment:6 by , 13 years ago
| Needs tests: | set |
|---|---|
| Patch needs improvement: | set |
| Summary: | AdminSite should check self.has_permission in self.login → AdminSite should rely on self.has_permission for all permission checks |
| Type: | Uncategorized → Bug |
comment:7 by , 13 years ago
I don't know enough about the workings of AdminSite to create a patch, but wanted to leave a comment on what I observed during my recent investigations:
AdminSite.login_form is an AdminAuthenticationForm but the latter doesn't yet have an attribute to go the other direction and ask "its" AdminSite (more than one could share the same login_form...) for has_permission()... That could be passed into the constructor but I don't know the consequences - getting instantiated with request (cookies) and all... The template has the same problem. On a case-by-case basis I can swap one hardcoded piece of code with another, a generic solution is harder...
That said I think "only" those two locations need to be adjusted.
comment:8 by , 13 years ago
Regarding access to has_permission() in the form, maybe give AdminAuthenticationForm a class attribute admin_site=None which gets defaulted to a contrib.admin.sites.AdminSite if it stays None? Regarding admin/base.html I have no idea how it could be told its AdminSite...
comment:9 by , 12 years ago
| Status: | reopened → new |
|---|
comment:10 by , 10 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
duplicate of https://code.djangoproject.com/ticket/22295
This the one of the issues that had been reported in #8049, unfortunately the solution implemented when fixing it wasn't to centralize the logic but rather to duplicate the if checks.