44e26bb8de
This fixes a redirection loop causing an authenticated user which is *not* staff accessing /admin to be loop-redirected between /admin -> /admin/login -> /accounts/login Also include some hideous basic page to show a message. This should not be a problem; a non-admin user accessing /admin deserves hurting their eyes.
45 lines
1.1 KiB
Python
45 lines
1.1 KiB
Python
import django
|
|
from django.views.generic import RedirectView
|
|
from django.contrib import admin
|
|
from django.shortcuts import render
|
|
|
|
|
|
if django.VERSION >= (1, 10):
|
|
from django.urls import reverse_lazy
|
|
else:
|
|
from django.core.urlresolvers import reverse_lazy
|
|
|
|
|
|
class CaptureLogin(RedirectView):
|
|
url = reverse_lazy('account_login')
|
|
query_string = True
|
|
permanent = False
|
|
|
|
|
|
capture_login = CaptureLogin.as_view()
|
|
|
|
|
|
class CaptureLogout(RedirectView):
|
|
url = reverse_lazy('account_logout')
|
|
query_string = True
|
|
permanent = False
|
|
|
|
|
|
capture_logout = CaptureLogout.as_view()
|
|
|
|
|
|
def capture_login_admin(request):
|
|
""" Redirect the user to allauth login page if they are not logged in, or
|
|
fails and display a message if they are logged in *but* are not
|
|
administrators """
|
|
|
|
if admin.site.has_permission(request):
|
|
return capture_login(request)
|
|
|
|
context = {
|
|
'message': ("The account you're authenticated with is not an "
|
|
"administrator account."),
|
|
}
|
|
return render(request,
|
|
"allauth_ens/simple_message.html",
|
|
context=context)
|