Opened 13 years ago
Closed 3 days ago
#17905 closed New feature (fixed)
Admin documentation lists all models, even for users without access to certain applications
| Reported by: | chriscohoat | Owned by: | SAI GANESH S |
|---|---|---|---|
| Component: | contrib.admindocs | Version: | 1.4-alpha-1 |
| Severity: | Normal | Keywords: | |
| Cc: | SAI GANESH S | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
By default, the admin docs lists documentation for all models. Some users may not have access to models that are still listed in their entirety.
The easiest way to fix this was to check each model in the model index, and only add the model to the listing if a user has the correct permissions. I'm not sure if this is the correct way to go about this, but I'm submitting the patch for review.
Attachments (5)
Change History (19)
by , 13 years ago
| Attachment: | admindocs_model_permissions.diff added |
|---|
by , 13 years ago
| Attachment: | admindocs_model_permissions.2.diff added |
|---|
Updated patch to include model details view.
by , 13 years ago
| Attachment: | admindocs_model_permissions.3.diff added |
|---|
Removed unnecessary import of forbidden HttpResponse. Default action raises an Http404 so that model names cannot be guessed.
comment:1 by , 12 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
Yeah, this seems sensible. The patch you attached seems to have been generated wrong though, in the wrong order.
comment:2 by , 12 years ago
| Needs documentation: | set |
|---|---|
| Patch needs improvement: | set |
by , 12 years ago
| Attachment: | patch_17905.diff added |
|---|
Refined patch to be more pythonic in code design.
comment:3 by , 12 years ago
| Owner: | changed from to |
|---|
comment:4 by , 12 years ago
| Patch needs improvement: | unset |
|---|
comment:5 by , 12 years ago
| Patch needs improvement: | set |
|---|
Noticed that it's possible to direct access models.
by , 12 years ago
| Attachment: | patch_17905.2.diff added |
|---|
Added validation for direct access to models to which you have no access
comment:6 by , 12 years ago
| Patch needs improvement: | unset |
|---|
comment:7 by , 12 years ago
| Needs documentation: | unset |
|---|
Added documentation and added to pull request: https://github.com/django/django/pull/534
comment:8 by , 12 years ago
| Needs tests: | set |
|---|
comment:9 by , 12 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:10 by , 9 days ago
| Cc: | added |
|---|---|
| Has patch: | unset |
| Needs tests: | unset |
| Owner: | changed from to |
comment:12 by , 6 days ago
| Patch needs improvement: | set |
|---|
comment:13 by , 3 days ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Check user permissions in the admindocs model index.