[Changeset] r10591 - django/trunk/django/contrib/auth

Sat, 18 Apr 2009 14:04:44 -0700 

Author: jacob
Date: 2009-04-18 16:04:40 -0500 (Sat, 18 Apr 2009)
New Revision: 10591

Modified:
   django/trunk/django/contrib/auth/admin.py
Log:
Fixed #10694: correctly check permissions in the change password admin. Thanks, 
jturnbull.

Modified: django/trunk/django/contrib/auth/admin.py
===================================================================
--- django/trunk/django/contrib/auth/admin.py   2009-04-18 21:03:29 UTC (rev 
10590)
+++ django/trunk/django/contrib/auth/admin.py   2009-04-18 21:04:40 UTC (rev 
10591)
@@ -96,7 +96,7 @@
         }, context_instance=template.RequestContext(request))
 
     def user_change_password(self, request, id):
-        if not request.user.has_perm('auth.change_user'):
+        if not self.has_change_permission(request):
             raise PermissionDenied
         user = get_object_or_404(self.model, pk=id)
         if request.method == 'POST':


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to