(self, request, form_url="", extra_context=None)
| 119 | return self._add_view(request, form_url, extra_context) |
| 120 | |
| 121 | def _add_view(self, request, form_url="", extra_context=None): |
| 122 | # It's an error for a user to have add permission but NOT change |
| 123 | # permission for users. If we allowed such users to add users, they |
| 124 | # could create superusers, which would mean they would essentially have |
| 125 | # the permission to change users. To avoid the problem entirely, we |
| 126 | # disallow users from adding users if they don't have change |
| 127 | # permission. |
| 128 | if not self.has_change_permission(request): |
| 129 | if self.has_add_permission(request) and settings.DEBUG: |
| 130 | # Raise Http404 in debug mode so that the user gets a helpful |
| 131 | # error message. |
| 132 | raise Http404( |
| 133 | 'Your user does not have the "Change user" permission. In ' |
| 134 | "order to add users, Django requires that your user " |
| 135 | 'account have both the "Add user" and "Change user" ' |
| 136 | "permissions set." |
| 137 | ) |
| 138 | raise PermissionDenied |
| 139 | if extra_context is None: |
| 140 | extra_context = {} |
| 141 | username_field = self.opts.get_field(self.model.USERNAME_FIELD) |
| 142 | defaults = { |
| 143 | "auto_populated_fields": (), |
| 144 | "username_help_text": username_field.help_text, |
| 145 | } |
| 146 | extra_context.update(defaults) |
| 147 | return super().add_view(request, form_url, extra_context) |
| 148 | |
| 149 | @method_decorator(sensitive_post_parameters()) |
| 150 | def user_change_password(self, request, id, form_url=""): |
no test coverage detected