buxeasywork / django-rosetta

Automatically exported from code.google.com/p/django-rosetta
MIT License

Rosetta should also check for user.is_staff() in can_translate() #92

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Add a user that is superuser but *not* is_staff (yeah this is weird but 
possible...)
2. Log in to rosetta with this user's credentials

What is the expected output? 
Login should fail (IMHO) as it is the case in the django admin.

What do you see instead?
Login is accepted

What version of the product are you using? On what operating system?
SVN/debian

Please provide any additional information below.

Hi Marco, 
I'm David (the polib author), I've attached a patch for this, thanks.

Original issue reported on code.google.com by izimo...@gmail.com on 30 Nov 2010 at 9:08

GoogleCodeExporter commented 9 years ago
Fixed in r108. Thanks for the patch, David.

Original comment by mbonetti on 10 Jan 2011 at 3:04

GoogleCodeExporter commented 9 years ago

Original comment by mbonetti on 10 Jan 2011 at 3:04

GoogleCodeExporter commented 9 years ago
If rosetta checks user.is_staff(), then how do you hide the admin interface from the 
translator while giving him access to the rosetta interface?

Original comment by ad...@nextner.com on 26 Mar 2012 at 6:43

GoogleCodeExporter commented 9 years ago
@#3: the check on is_staff is only done for completeness when we also check for 
is_superuser. If you don't want to give the translators access to the admin, 
don't add them to staff, but add them to the "translators" group instead, that 
should do.

Original comment by mbonetti on 26 Mar 2012 at 7:38
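
The access rule discussed in this thread, as an added example that is not part of the original issue and not Rosetta's own code. It assumes the logic as described in the comments above, uses a constructed `StubUser` in place of Django's `User`, and the helpers `can_open_admin` and `access_matrix` are hypothetical names.

```python
from dataclasses import dataclass, field


@dataclass
class StubUser:
    """Constructed stand-in for django.contrib.auth.models.User (not Django's class)."""
    username: str
    is_authenticated: bool = True
    is_superuser: bool = False
    is_staff: bool = False  # boolean attribute; in Django it gates the admin site
    groups: set = field(default_factory=set)


def can_translate(user, group_name="translators"):
    """Assumed sketch of the decision described in the thread."""
    if not user.is_authenticated:
        return False
    # Superuser alone is not enough: is_staff must be set as well.
    if user.is_superuser and user.is_staff:
        return True
    # Translators get in through group membership, without is_staff.
    return group_name in user.groups


def can_open_admin(user):
    """Simplified model of the admin gate: only staff accounts pass."""
    return user.is_authenticated and user.is_staff


SAMPLE_USERS = [  # constructed sample accounts
    StubUser("root", is_superuser=True, is_staff=True),
    StubUser("odd_superuser", is_superuser=True, is_staff=False),
    StubUser("translator", groups={"translators"}),
    StubUser("staff_only", is_staff=True),
    StubUser("anonymous", is_authenticated=False),
]


def access_matrix(users=SAMPLE_USERS):
    """Map username -> (rosetta access, admin access)."""
    return {u.username: (can_translate(u), can_open_admin(u)) for u in users}


if __name__ == "__main__":
    for name, (rosetta, admin) in access_matrix().items():
        print(f"{name:14} rosetta={rosetta!s:5} admin={admin}")
```

The `translator` row shows the answer to the question in comment #3: group membership grants Rosetta access while the admin stays closed, and the `odd_superuser` row is the case from the original report.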