Prevent non-superusers from modifying site settings
Review Request #8330 — Created Aug. 15, 2016 and submitted — Latest diff uploaded
Previously, any staff member (superuser or non-superuser) could change
any of the site settings. We now prevent all non-superuser staff members
from accessing site settings views so that they cannot. A new decorator
(similar to Django'sstaff_member_required
) has been added to
accomplish this.
- Manually verified that superusers can still change settings.
- Manually verified that non-superusers are shown a permission denied
page. - Manually verified that unauthenticated users are shown a login form.