Hopiu/wagtail
1
0
Fork 0
mirror of https://github.com/Hopiu/wagtail.git synced 2026-05-09 16:04:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Don't set is_staff flag on users

Browse source 
Wagtail doesn't routinely require access to Django admin, so it makes sense for Wagtail to not enforce an opinion on who does or doesn't get access.

Fixes #970 and #2777
This commit is contained in:
Matt Westcott 2017-03-08 15:03:49 +00:00
parent c7b778c4e9
commit 00c6a5f220
3 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.txt
View file

@ -19,6 +19,7 @@ Changelog
* User creation / edit form now enforces password validators set in `AUTH_PASSWORD_VALIDATORS` (Bertrand Bordage)
* Added support for showing `non_field_errors` when validation fails in the page editor (Matt Westcott)
* Added `WAGTAILADMIN_RECENT_EDITS_LIMIT` setting to to define the number of your most recent edits on the dashboard (Maarten Kling)
* Creating / editing users through the Wagtail admin no longer modifies the `is_staff` flag (Matt Westcott)
* Fix: Marked 'Date from' / 'Date to' strings in wagtailforms for translation (Vorlif)
* Fix: "File" field label on image edit form is now translated (Stein Strindhaug)
* Fix: Unreliable preview is now reliable by always opening in a new window (Kjartan Sverrisson)

6
docs/releases/1.10.rst
View file

@ -86,3 +86,9 @@ Projects using :ref:`custom image models <custom_image_model>` no longer need to
def image_feature_detection(sender, instance, **kwargs):
if not instance.has_focal_point():
instance.set_focal_point(instance.get_suggested_focal_point())
Adding / editing users through Wagtail admin no longer sets ``is_staff`` flag
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Previously, the ``is_staff`` flag (which grants access to the Django admin interface) was automatically set for superusers, and reset for other users, when creating and updating users through the Wagtail admin. This behaviour has now been removed, since Wagtail is designed to work independently of the Django admin. If you need to reinstate the old behaviour, you can set up a `pre_save signal handler <https://docs.djangoproject.com/en/1.10/ref/signals/#django.db.models.signals.pre_save>`_ on the User model to set the flag appropriately.

3
wagtail/wagtailusers/forms.py
View file

@ -146,9 +146,6 @@ class UserForm(UsernameForm):
if password:
user.set_password(password)
# Superusers can always access the admin interface.
user.is_staff = user.is_superuser
if commit:
user.save()
self.save_m2m()