diff options
Diffstat (limited to 'lib/python2.7/site-packages/django/contrib/auth/admin.py')
| -rw-r--r-- | lib/python2.7/site-packages/django/contrib/auth/admin.py | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/lib/python2.7/site-packages/django/contrib/auth/admin.py b/lib/python2.7/site-packages/django/contrib/auth/admin.py deleted file mode 100644 index 033e3cf..0000000 --- a/lib/python2.7/site-packages/django/contrib/auth/admin.py +++ /dev/null @@ -1,183 +0,0 @@ -from django.db import transaction -from django.conf import settings -from django.contrib import admin -from django.contrib.admin.options import IS_POPUP_VAR -from django.contrib.auth.forms import (UserCreationForm, UserChangeForm, - AdminPasswordChangeForm) -from django.contrib.auth.models import User, Group -from django.contrib import messages -from django.core.exceptions import PermissionDenied -from django.http import HttpResponseRedirect, Http404 -from django.shortcuts import get_object_or_404 -from django.template.response import TemplateResponse -from django.utils.html import escape -from django.utils.decorators import method_decorator -from django.utils.translation import ugettext, ugettext_lazy as _ -from django.views.decorators.csrf import csrf_protect -from django.views.decorators.debug import sensitive_post_parameters - -csrf_protect_m = method_decorator(csrf_protect) -sensitive_post_parameters_m = method_decorator(sensitive_post_parameters()) - - -class GroupAdmin(admin.ModelAdmin): - search_fields = ('name',) - ordering = ('name',) - filter_horizontal = ('permissions',) - - def formfield_for_manytomany(self, db_field, request=None, **kwargs): - if db_field.name == 'permissions': - qs = kwargs.get('queryset', db_field.rel.to.objects) - # Avoid a major performance hit resolving permission names which - # triggers a content_type load: - kwargs['queryset'] = qs.select_related('content_type') - return super(GroupAdmin, self).formfield_for_manytomany( - db_field, request=request, **kwargs) - - -class UserAdmin(admin.ModelAdmin): - add_form_template = 'admin/auth/user/add_form.html' - change_user_password_template = None - fieldsets = ( - (None, {'fields': ('username', 'password')}), - (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}), - (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser', - 'groups', 'user_permissions')}), - (_('Important dates'), {'fields': ('last_login', 'date_joined')}), - ) - add_fieldsets = ( - (None, { - 'classes': ('wide',), - 'fields': ('username', 'password1', 'password2')} - ), - ) - form = UserChangeForm - add_form = UserCreationForm - change_password_form = AdminPasswordChangeForm - list_display = ('username', 'email', 'first_name', 'last_name', 'is_staff') - list_filter = ('is_staff', 'is_superuser', 'is_active', 'groups') - search_fields = ('username', 'first_name', 'last_name', 'email') - ordering = ('username',) - filter_horizontal = ('groups', 'user_permissions',) - - def get_fieldsets(self, request, obj=None): - if not obj: - return self.add_fieldsets - return super(UserAdmin, self).get_fieldsets(request, obj) - - def get_form(self, request, obj=None, **kwargs): - """ - Use special form during user creation - """ - defaults = {} - if obj is None: - defaults.update({ - 'form': self.add_form, - 'fields': admin.util.flatten_fieldsets(self.add_fieldsets), - }) - defaults.update(kwargs) - return super(UserAdmin, self).get_form(request, obj, **defaults) - - def get_urls(self): - from django.conf.urls import patterns - return patterns('', - (r'^(\d+)/password/$', - self.admin_site.admin_view(self.user_change_password)) - ) + super(UserAdmin, self).get_urls() - - def lookup_allowed(self, lookup, value): - # See #20078: we don't want to allow any lookups involving passwords. - if lookup.startswith('password'): - return False - return super(UserAdmin, self).lookup_allowed(lookup, value) - - @sensitive_post_parameters_m - @csrf_protect_m - @transaction.atomic - def add_view(self, request, form_url='', extra_context=None): - # It's an error for a user to have add permission but NOT change - # permission for users. If we allowed such users to add users, they - # could create superusers, which would mean they would essentially have - # the permission to change users. To avoid the problem entirely, we - # disallow users from adding users if they don't have change - # permission. - if not self.has_change_permission(request): - if self.has_add_permission(request) and settings.DEBUG: - # Raise Http404 in debug mode so that the user gets a helpful - # error message. - raise Http404( - 'Your user does not have the "Change user" permission. In ' - 'order to add users, Django requires that your user ' - 'account have both the "Add user" and "Change user" ' - 'permissions set.') - raise PermissionDenied - if extra_context is None: - extra_context = {} - username_field = self.model._meta.get_field(self.model.USERNAME_FIELD) - defaults = { - 'auto_populated_fields': (), - 'username_help_text': username_field.help_text, - } - extra_context.update(defaults) - return super(UserAdmin, self).add_view(request, form_url, - extra_context) - - @sensitive_post_parameters_m - def user_change_password(self, request, id, form_url=''): - if not self.has_change_permission(request): - raise PermissionDenied - user = get_object_or_404(self.get_queryset(request), pk=id) - if request.method == 'POST': - form = self.change_password_form(user, request.POST) - if form.is_valid(): - form.save() - change_message = self.construct_change_message(request, form, None) - self.log_change(request, request.user, change_message) - msg = ugettext('Password changed successfully.') - messages.success(request, msg) - return HttpResponseRedirect('..') - else: - form = self.change_password_form(user) - - fieldsets = [(None, {'fields': list(form.base_fields)})] - adminForm = admin.helpers.AdminForm(form, fieldsets, {}) - - context = { - 'title': _('Change password: %s') % escape(user.get_username()), - 'adminForm': adminForm, - 'form_url': form_url, - 'form': form, - 'is_popup': IS_POPUP_VAR in request.REQUEST, - 'add': True, - 'change': False, - 'has_delete_permission': False, - 'has_change_permission': True, - 'has_absolute_url': False, - 'opts': self.model._meta, - 'original': user, - 'save_as': False, - 'show_save': True, - } - return TemplateResponse(request, - self.change_user_password_template or - 'admin/auth/user/change_password.html', - context, current_app=self.admin_site.name) - - def response_add(self, request, obj, post_url_continue=None): - """ - Determines the HttpResponse for the add_view stage. It mostly defers to - its superclass implementation but is customized because the User model - has a slightly different workflow. - """ - # We should allow further modification of the user just added i.e. the - # 'Save' button should behave like the 'Save and continue editing' - # button except in two scenarios: - # * The user has pressed the 'Save and add another' button - # * We are adding a user in a popup - if '_addanother' not in request.POST and IS_POPUP_VAR not in request.POST: - request.POST['_continue'] = 1 - return super(UserAdmin, self).response_add(request, obj, - post_url_continue) - -admin.site.register(Group, GroupAdmin) -admin.site.register(User, UserAdmin) |