From a68454f7a44e633e0f18d287c8a76be3f55e7b39 Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Wed, 24 Sep 2014 15:42:44 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=87=EE=86=BD=E6=95=BC=20=E9=8D=92?= =?UTF-8?q?=E7=8A=BB=E6=AB=8E=E9=90=A2=E3=84=A6=E5=9F=9B=E9=8F=89=E5=86=AE?= =?UTF-8?q?=E6=AA=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- webroot/AutoSa/AutoSa/views.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/webroot/AutoSa/AutoSa/views.py b/webroot/AutoSa/AutoSa/views.py index d5b706452..c678ae832 100644 --- a/webroot/AutoSa/AutoSa/views.py +++ b/webroot/AutoSa/AutoSa/views.py @@ -272,6 +272,10 @@ def showUser(request): for id in selected_user: try: user_del = User.objects.get(id=id) + if user_del.is_admin or user_del.is_superuser: + if request.session.get('admin') == 1: + error = 'No Permision.' + return HttpResponseRedirect('/showUser/') username = user_del.username user_del.delete() except Exception, e: @@ -327,6 +331,11 @@ def addUser(request): ldap_password = keygen(16) group_post = user['group'] groups = [] + + if request.session.get('admin') < 1: + is_admin = False + is_superuser = False + for group_name in group_post: groups.append(Group.objects.get(name=group_name))