Use normal user authentication to control access to /admin

- Adds is_superuser flag to User - Logged-in user must be a superuser or have from_body set in order to access anything within /admin - has_permission_to on a superuser will always return true - Only superusers can create/grant superusers - New `createsuperuser` command for creating superusers
author: Matthew Somerville <matthew-github@dracos.co.uk> 2016-07-06 18:07:22 +0100
committer: Dave Arter <davea@mysociety.org> 2016-07-19 17:56:22 +0100
commit: 6afbfe45183412e35e8e846fd0d4a9d846c8644b (patch)
tree: 3f5cb6173c08a571811f0a31508b45acf31d69f7 /README.md
parent: 65545553b5171f1ef1d611ea93c38f138451fb31 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/README.md b/README.md
index 5b536a67f..ef8e844c1 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,8 @@ web-based cross-browser testing tools for this project.
         - Greatly improve report edit page, including map. #1347
         - Show any waiting reports on admin index page. #1382
         - Allow user's phone number to be edited.
+        - /admin now requires a logged-in user with the `is_superuser` flag set
+        - `createsuperuser` command for creating superusers/granting superuser status.
     - Development improvements:
         - make_css: Add output style option.
         - make_css: Follow symlinks.
author	Matthew Somerville <matthew-github@dracos.co.uk>	2016-07-06 18:07:22 +0100
committer	Dave Arter <davea@mysociety.org>	2016-07-19 17:56:22 +0100
commit	6afbfe45183412e35e8e846fd0d4a9d846c8644b (patch)
tree	3f5cb6173c08a571811f0a31508b45acf31d69f7 /README.md
parent	65545553b5171f1ef1d611ea93c38f138451fb31 (diff)