Only staff with good permission mask can visit Django Admin

2025-06-25 03:30:30 +02:00 · 2020-07-29 11:38:59 +02:00
parent d455c5c533
commit b8a88eeda4
13 changed files with 196 additions and 162 deletions
--- a/templates/base.html
+++ b/templates/base.html
@ -134,7 +134,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
                <li class="nav-item active">
                    <a class="nav-link" href="{% url 'permission:rights' %}"><i class="fas fa-balance-scale"></i> {% trans 'Rights' %}</a>
                </li>
-                {% if user.is_staff %}
+                {% if user.is_staff and ""|has_perm:user %}
                    <li class="nav-item active">
                        <a data-turbolinks="false" class="nav-link" href="{% url 'admin:index' %}"><i class="fas fa-user-cog"></i> {% trans 'Administration' %}</a>
                    </li>
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@ -10,9 +10,10 @@ SPDX-License-Identifier: GPL-2.0-or-later
 {% block content %}
    {% if user.is_authenticated %}
        <p class="errornote">
-            {% blocktrans trimmed %}
+            {% blocktrans trimmed with username=request.user.username %}
                You are authenticated as {{ username }}, but are not authorized to
-                access this page. Would you like to login to a different account?
+                access this page. Would you like to login to a different account,
+                or with a higher permission mask?
            {% endblocktrans %}
        </p>
    {% endif %}