Based on this email...
http://groups.google.com/group/reviewboard/msg/dd80c6cb3b4c7ccc
... I'm filing a bug.
In the recommended changes from the above email, I changed templates/admin/base_site.html to wrap the settings link with {% if user.is_superuser %}.
Upon exploring the permissions in Django, it looks like it should be possible to use the more surgical, and always correct:
{% if perms.whatever_permission_name %} that corresponds to siteconfig change_siteconfiguration - I couldn't figure out the name of the permission.
Likewise, in views.py, this sort of change:
    def site_settings(request, form_class,
                      template_name="siteconfig/settings.html"):
        if request.user.is_superuser:
            return djblets_site_settings(request, form_class, template_name, {
                'root_path': settings.SITE_ROOT + "admin/db/"
            })
        else:
            err_resp = HttpResponse("Permission denied.", status=401)
            return err_resp
... but again, specifically checking for the named permission.
That will get me back to using an unpatched version of reviewboard.