Commits

Tim Savage committed eced723

By default always allow super user

Comments (0)

Files changed (2)

django_extras/contrib/auth/models.py

         filter = {self.__owner_filter: user_pk}
         return self.filter(**filter)
 
-    def owned_by(self, user, include_staff=False, include_superuser=False):
+    def owned_by(self, user, include_staff=False, include_superuser=True):
         """
         Filter by a user(s).
 

django_extras/contrib/auth/shortcuts.py

 from django.core.exceptions import PermissionDenied
 
 
-def get_owned_object_or_40x(klass, owner, include_staff=False, include_superuser=False, *args, **kwargs):
+def get_owned_object_or_40x(klass, owner, include_staff=False, include_superuser=True, *args, **kwargs):
     """
     Returns an object if it can be found (using get_object_or_404).
     If the object is not owned by the supplied owner a 403 will be raised.