Author: jacob Date: 2009-04-18 16:06:19 -0500 (Sat, 18 Apr 2009) New Revision: 10592
Modified: django/branches/releases/1.0.X/django/contrib/auth/admin.py Log: [1.0.X] Fixed #10694: correctly check permissions in the change password admin. Thanks, jturnbull. Backport of r10591 from trunk. Modified: django/branches/releases/1.0.X/django/contrib/auth/admin.py =================================================================== --- django/branches/releases/1.0.X/django/contrib/auth/admin.py 2009-04-18 21:04:40 UTC (rev 10591) +++ django/branches/releases/1.0.X/django/contrib/auth/admin.py 2009-04-18 21:06:19 UTC (rev 10592) @@ -90,7 +90,7 @@ }, context_instance=template.RequestContext(request)) def user_change_password(self, request, id): - if not request.user.has_perm('auth.change_user'): + if not self.has_change_permission(request): raise PermissionDenied user = get_object_or_404(self.model, pk=id) if request.method == 'POST': --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-updates?hl=en -~----------~----~----~----~------~----~------~--~---