blinkster: comparison web/lib/django/contrib/admin/sites.py

equal deleted inserted replaced

-:b758351d191f
+:cc9b7e14412b
 import re
 from django import http, template
 from django.contrib.admin import ModelAdmin
 from django.contrib.admin import actions
 from django.contrib.auth import authenticate, login
+from django.views.decorators.csrf import csrf_protect
 from django.db.models.base import ModelBase
 from django.core.exceptions import ImproperlyConfigured
 from django.core.urlresolvers import reverse
 from django.shortcuts import render_to_response
 from django.utils.functional import update_wrapper
 from django.utils.safestring import mark_safe
 from django.utils.text import capfirst
 from django.utils.translation import ugettext_lazy, ugettext as _
 from django.views.decorators.cache import never_cache
 from django.conf import settings
-try:
-set
-except NameError:
-from sets import Set as set     # Python 2.3 fallback
 ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.")
 LOGIN_FORM_KEY = 'this_is_the_login_form'
 class AlreadyRegistered(Exception):
 register() method, and the root() method can then be used as a Django view function
 that presents a full admin interface for the collection of registered models.
 """
 index_template = None
+app_index_template = None
 login_template = None
-app_index_template = None
+logout_template = None
+password_change_template = None
+password_change_done_template = None
 def __init__(self, name=None, app_name='admin'):
 self._registry = {} # model_class class -> admin_class instance
 self.root_path = None
 if name is None:
 def has_permission(self, request):
 """
 Returns True if the given HttpRequest has permission to view
 *at least one* page in the admin site.
 """
-return request.user.is_authenticated() and request.user.is_staff
+return request.user.is_active and request.user.is_staff
 def check_dependencies(self):
 """
 Check that all things needed to run the admin have been correctly installed.
 """
 from django.contrib.admin.models import LogEntry
 from django.contrib.contenttypes.models import ContentType
 if not LogEntry._meta.installed:
-raise ImproperlyConfigured("Put 'django.contrib.admin' in your INSTALLED_APPS setting in order to use the admin application.")
+raise ImproperlyConfigured("Put 'django.contrib.admin' in your "
+"INSTALLED_APPS setting in order to use the admin application.")
 if not ContentType._meta.installed:
-raise ImproperlyConfigured("Put 'django.contrib.contenttypes' in your INSTALLED_APPS setting in order to use the admin application.")
+raise ImproperlyConfigured("Put 'django.contrib.contenttypes' in "
-if 'django.core.context_processors.auth' not in settings.TEMPLATE_CONTEXT_PROCESSORS:
+"your INSTALLED_APPS setting in order to use the admin application.")
-raise ImproperlyConfigured("Put 'django.core.context_processors.auth' in your TEMPLATE_CONTEXT_PROCESSORS setting in order to use the admin application.")
+if not ('django.contrib.auth.context_processors.auth' in settings.TEMPLATE_CONTEXT_PROCESSORS or
+'django.core.context_processors.auth' in settings.TEMPLATE_CONTEXT_PROCESSORS):
+raise ImproperlyConfigured("Put 'django.contrib.auth.context_processors.auth' "
+"in your TEMPLATE_CONTEXT_PROCESSORS setting in order to use the admin application.")
 def admin_view(self, view, cacheable=False):
 """
 Decorator to create an admin view attached to this ``AdminSite``. This
 wraps the view and provides permission checking by calling
 if not self.has_permission(request):
 return self.login(request)
 return view(request, *args, **kwargs)
 if not cacheable:
 inner = never_cache(inner)
+# We add csrf_protect here so this function can be used as a utility
+# function for any view, without having to repeat 'csrf_protect'.
+if not getattr(view, 'csrf_exempt', False):
+inner = csrf_protect(inner)
 return update_wrapper(inner, view)
 def get_urls(self):
 from django.conf.urls.defaults import patterns, url, include
+if settings.DEBUG:
+self.check_dependencies()
 def wrap(view, cacheable=False):
 def wrapper(*args, **kwargs):
 return self.admin_view(view, cacheable)(*args, **kwargs)
 return update_wrapper(wrapper, view)
 from django.contrib.auth.views import password_change
 if self.root_path is not None:
 url = '%spassword_change/done/' % self.root_path
 else:
 url = reverse('admin:password_change_done', current_app=self.name)
-return password_change(request, post_change_redirect=url)
+defaults = {
+'post_change_redirect': url
+}
+if self.password_change_template is not None:
+defaults['template_name'] = self.password_change_template
+return password_change(request, **defaults)
 def password_change_done(self, request):
 """
 Displays the "success" page after a password change.
 """
 from django.contrib.auth.views import password_change_done
-return password_change_done(request)
+defaults = {}
+if self.password_change_done_template is not None:
+defaults['template_name'] = self.password_change_done_template
+return password_change_done(request, **defaults)
 def i18n_javascript(self, request):
 """
 Displays the i18n JavaScript that the Django admin requires.
 Logs out the user for the given HttpRequest.
 This should *not* assume the user is already logged in.
 """
 from django.contrib.auth.views import logout
-return logout(request)
+defaults = {}
+if self.logout_template is not None:
+defaults['template_name'] = self.logout_template
+return logout(request, **defaults)
 logout = never_cache(logout)
 def login(self, request):
 """
 Displays the login form for the given HttpRequest.
 removed in Django 1.3.
 """
 import warnings
 warnings.warn(
 "AdminSite.root() is deprecated; use include(admin.site.urls) instead.",
-PendingDeprecationWarning
+DeprecationWarning
 )
 #
 # Again, remember that the following only exists for
 # backwards-compatibility. Any new URLs, changes to existing URLs, or

changeset 29	cc9b7e14412b
parent 0	0d40e90630ef