Author: jacob Date: 2009-04-18 16:04:40 -0500 (Sat, 18 Apr 2009) New Revision: 10591
Modified: django/trunk/django/contrib/auth/admin.py Log: Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull. Modified: django/trunk/django/contrib/auth/admin.py =================================================================== --- django/trunk/django/contrib/auth/admin.py 2009-04-18 21:03:29 UTC (rev 10590) +++ django/trunk/django/contrib/auth/admin.py 2009-04-18 21:04:40 UTC (rev 10591) @@ -96,7 +96,7 @@ }, context_instance=template.RequestContext(request)) def user_change_password(self, request, id): - if not request.user.has_perm('auth.change_user'): + if not self.has_change_permission(request): raise PermissionDenied user = get_object_or_404(self.model, pk=id) if request.method == 'POST': --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---