mirror of
				https://github.com/django/django.git
				synced 2025-10-25 22:56:12 +00:00 
			
		
		
		
	Fixed #2747 -- Make X-Headers work for staff members. Admins with dyanmic IP
addresses can now use bookmarklets. Thanks, Maximillian Dornseif. git-svn-id: http://code.djangoproject.com/svn/django/trunk@3786 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		
							
								
								
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							| @@ -68,6 +68,7 @@ answer newbie questions, and generally made Django that much better: | ||||
|     Alex Dedul | ||||
|     deric@monowerks.com | ||||
|     dne@mayonnaise.net | ||||
|     Maximillian Dornseif <md@hudora.de> | ||||
|     Jeremy Dunck <http://dunck.us/> | ||||
|     Andy Dustman <farcepest@gmail.com> | ||||
|     Clint Ecker | ||||
|   | ||||
| @@ -13,9 +13,10 @@ def populate_xheaders(request, response, model, object_id): | ||||
|     """ | ||||
|     Adds the "X-Object-Type" and "X-Object-Id" headers to the given | ||||
|     HttpResponse according to the given model and object_id -- but only if the | ||||
|     given HttpRequest object has an IP address within the INTERNAL_IPS setting. | ||||
|     given HttpRequest object has an IP address within the INTERNAL_IPS setting | ||||
|     or if the request is from a logged in staff member. | ||||
|     """ | ||||
|     from django.conf import settings | ||||
|     if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: | ||||
|     if request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff): | ||||
|         response['X-Object-Type'] = "%s.%s" % (model._meta.app_label, model._meta.object_name.lower()) | ||||
|         response['X-Object-Id'] = str(object_id) | ||||
|   | ||||
| @@ -7,11 +7,12 @@ class XViewMiddleware(object): | ||||
|     """ | ||||
|     def process_view(self, request, view_func, view_args, view_kwargs): | ||||
|         """ | ||||
|         If the request method is HEAD and the IP is internal, quickly return | ||||
|         with an x-header indicating the view function.  This is used by the | ||||
|         documentation module to lookup the view function for an arbitrary page. | ||||
|         If the request method is HEAD and either the IP is internal or the | ||||
|         user is a logged-in staff member, quickly return with an x-header | ||||
|         indicating the view function.  This is used by the documentation module | ||||
|         to lookup the view function for an arbitrary page. | ||||
|         """ | ||||
|         if request.method == 'HEAD' and request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS: | ||||
|         if request.method == 'HEAD' and (request.META.get('REMOTE_ADDR') in settings.INTERNAL_IPS or (request.user.is_authenticated() and request.user.is_staff)): | ||||
|             response = http.HttpResponse() | ||||
|             response['X-View'] = "%s.%s" % (view_func.__module__, view_func.__name__) | ||||
|             return response | ||||
|   | ||||
		Reference in New Issue
	
	Block a user