Loading django/contrib/admin/views/decorators.py +8 −4 Original line number Diff line number Diff line Loading @@ -2,13 +2,17 @@ from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth.decorators import user_passes_test def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'): def staff_member_required(view_func=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'): """ Decorator for views that checks that the user is logged in and is a staff member, displaying the login page if necessary. member, redirecting to the login page if necessary. """ return user_passes_test( actual_decorator = user_passes_test( lambda u: u.is_active and u.is_staff, login_url=login_url, redirect_field_name=redirect_field_name )(view_func) ) if view_func: return actual_decorator(view_func) return actual_decorator tests/admin_views/tests.py +9 −0 Original line number Diff line number Diff line Loading @@ -2125,6 +2125,15 @@ class SecureViewTests(TestCase): self.assertTemplateUsed(response, 'admin/login.html') self.assertEqual(response.context[REDIRECT_FIELD_NAME], secure_url) def test_staff_member_required_decorator_works_with_argument(self): """ Ensure that staff_member_required decorator works with an argument (redirect_field_name). """ secure_url = '/test_admin/admin/secure-view2/' response = self.client.get(secure_url) self.assertRedirects(response, '%s?myfield=%s' % (reverse('admin:login'), secure_url)) @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'], ROOT_URLCONF="admin_views.urls") Loading tests/admin_views/urls.py +1 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ from . import admin, custom_has_permission_admin, customadmin, views urlpatterns = [ url(r'^test_admin/admin/doc/', include('django.contrib.admindocs.urls')), url(r'^test_admin/admin/secure-view/$', views.secure_view, name='secure_view'), url(r'^test_admin/admin/secure-view2/$', views.secure_view2, name='secure_view2'), url(r'^test_admin/admin/', include(admin.site.urls)), url(r'^test_admin/admin2/', include(customadmin.site.urls)), url(r'^test_admin/admin3/', include(admin.site.get_urls(), 'admin3', 'admin'), dict(form_url='pony')), Loading tests/admin_views/views.py +5 −0 Original line number Diff line number Diff line Loading @@ -5,3 +5,8 @@ from django.http import HttpResponse @staff_member_required def secure_view(request): return HttpResponse('%s' % request.POST) @staff_member_required(redirect_field_name='myfield') def secure_view2(request): return HttpResponse('%s' % request.POST) Loading
django/contrib/admin/views/decorators.py +8 −4 Original line number Diff line number Diff line Loading @@ -2,13 +2,17 @@ from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth.decorators import user_passes_test def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'): def staff_member_required(view_func=None, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'): """ Decorator for views that checks that the user is logged in and is a staff member, displaying the login page if necessary. member, redirecting to the login page if necessary. """ return user_passes_test( actual_decorator = user_passes_test( lambda u: u.is_active and u.is_staff, login_url=login_url, redirect_field_name=redirect_field_name )(view_func) ) if view_func: return actual_decorator(view_func) return actual_decorator
tests/admin_views/tests.py +9 −0 Original line number Diff line number Diff line Loading @@ -2125,6 +2125,15 @@ class SecureViewTests(TestCase): self.assertTemplateUsed(response, 'admin/login.html') self.assertEqual(response.context[REDIRECT_FIELD_NAME], secure_url) def test_staff_member_required_decorator_works_with_argument(self): """ Ensure that staff_member_required decorator works with an argument (redirect_field_name). """ secure_url = '/test_admin/admin/secure-view2/' response = self.client.get(secure_url) self.assertRedirects(response, '%s?myfield=%s' % (reverse('admin:login'), secure_url)) @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'], ROOT_URLCONF="admin_views.urls") Loading
tests/admin_views/urls.py +1 −0 Original line number Diff line number Diff line Loading @@ -5,6 +5,7 @@ from . import admin, custom_has_permission_admin, customadmin, views urlpatterns = [ url(r'^test_admin/admin/doc/', include('django.contrib.admindocs.urls')), url(r'^test_admin/admin/secure-view/$', views.secure_view, name='secure_view'), url(r'^test_admin/admin/secure-view2/$', views.secure_view2, name='secure_view2'), url(r'^test_admin/admin/', include(admin.site.urls)), url(r'^test_admin/admin2/', include(customadmin.site.urls)), url(r'^test_admin/admin3/', include(admin.site.get_urls(), 'admin3', 'admin'), dict(form_url='pony')), Loading
tests/admin_views/views.py +5 −0 Original line number Diff line number Diff line Loading @@ -5,3 +5,8 @@ from django.http import HttpResponse @staff_member_required def secure_view(request): return HttpResponse('%s' % request.POST) @staff_member_required(redirect_field_name='myfield') def secure_view2(request): return HttpResponse('%s' % request.POST)
