Prevent non-superusers from modifying site settings

Review Request #8330 — Created Aug. 15, 2016 and submitted — Latest diff uploaded

Information

Review Board
release-2.5.x
e999957...

Reviewers

Previously, any staff member (superuser or non-superuser) could change
any of the site settings. We now prevent all non-superuser staff members
from accessing site settings views so that they cannot. A new decorator
(similar to Django's staff_member_required) has been added to
accomplish this.

  • Manually verified that superusers can still change settings.
  • Manually verified that non-superusers are shown a permission denied
    page.
  • Manually verified that unauthenticated users are shown a login form.

Diff Revision 1

This is not the most recent revision of the diff. The latest diff is revision 3. See what's changed.

orig
1
2
3
reviewboard/admin/decorators.py
reviewboard/admin/views.py
Loading...