Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Override admin templates to remove links that allow admin users to change

Browse Source 
passwords.

LEARNER-4928
This commit is contained in:
Diana Huang
2018-09-17 16:27:23 -04:00
parent a0d8601ba8
commit 0fb8f08d2e
3 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cms/templates/admin/base_site.html Normal file
View File

@@ -0,0 +1,19 @@
{% extends "admin/base.html" %}
{% load i18n admin_urls %}
{% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
{% block branding %}
<h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
{% endblock %}
{% block nav-global %}{% endblock %}
{% block userlinks %}
{% if site_url %}
<a href="{{ site_url }}">{% trans 'View site' %}</a> /
{% endif %}
{% if user.is_active and user.is_staff %}
{% url 'django-admindocs-docroot' as docsroot %}
{% if docsroot %}
<a href="{{ docsroot }}">{% trans 'Documentation' %}</a> /
{% endif %}
{% endif %}
<a href="{% url 'admin:logout' %}">{% trans 'Log out' %}</a>
{% endblock %}

16
common/djangoapps/student/admin.py
View File

@@ -5,6 +5,7 @@ from django.contrib import admin
from django.contrib.admin.sites import NotRegistered
from django.contrib.auth import get_user_model
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
from django.contrib.auth.forms import ReadOnlyPasswordHashField, UserChangeForm as BaseUserChangeForm
from django.db import models
from django.utils.translation import ugettext_lazy as _
from opaque_keys import InvalidKeyError
@@ -240,9 +241,24 @@ class UserProfileInline(admin.StackedInline):
verbose_name_plural = _('User profile')
class UserChangeForm(BaseUserChangeForm):
"""
Override the default UserChangeForm such that the password field
does not contain a link to a 'change password' form.
"""
password = ReadOnlyPasswordHashField(
label=_("Password"),
help_text=_(
"Raw passwords are not stored, so there is no way to see this "
"user's password."
),
)
class UserAdmin(BaseUserAdmin):
""" Admin interface for the User model. """
inlines = (UserProfileInline,)
form = UserChangeForm
def get_readonly_fields(self, request, obj=None):
"""

19
lms/templates/admin/base_site.html Normal file
View File

@@ -0,0 +1,19 @@
{% extends "admin/base.html" %}
{% load i18n admin_urls %}
{% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
{% block branding %}
<h1 id="site-name"><a href="{% url 'admin:index' %}">{{ site_header|default:_('Django administration') }}</a></h1>
{% endblock %}
{% block nav-global %}{% endblock %}
{% block userlinks %}
{% if site_url %}
<a href="{{ site_url }}">{% trans 'View site' %}</a> /
{% endif %}
{% if user.is_active and user.is_staff %}
{% url 'django-admindocs-docroot' as docsroot %}
{% if docsroot %}
<a href="{{ docsroot }}">{% trans 'Documentation' %}</a> /
{% endif %}
{% endif %}
<a href="{% url 'admin:logout' %}">{% trans 'Log out' %}</a>
{% endblock %}