#3984 closed (wontfix)
[patch] add 'view' as a default permission in django.contrib.auth
| Reported by: | Tai Lee | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Contrib apps | Version: | dev |
| Severity: | Keywords: | auth default permissions view | |
| Cc: | real.human@… | Triage Stage: | Design decision needed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
i'd like to see 'view' added to the list of default permissions (add, change, delete) created for every model when django.contrib.auth is installed. this could be used by django.contrib.admin to allow selected staff to view the changelist and object detail screens, without giving them permission to add, change, or delete objects. even if not used by django.contrib.admin (at least for now), it would also be a useful generic permission in most django applications.
i also think the name of each permission should reference verbose_name_plural instead of verbose_name as it does now. "auth | user | Can add users" makes more sense than "auth | user | Can add user".
attached is a simple patch for these two changes.
Attachments (1)
Change History (7)
by , 18 years ago
| Attachment: | management.diff added |
|---|
comment:1 by , 18 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
This has come up before, and we've marked it as a "wontfix." The admin site isn't intended to be used for viewing information. If you're looking for a tool that will let you view information, stay tuned for a new Django feature called databrowse.
comment:2 by , 18 years ago
| Resolution: | wontfix |
|---|---|
| Status: | closed → reopened |
| Summary: | [patch] add 'view' as a default permission in django.contrib.auth (and django.contrib.admin) → [patch] add 'view' as a default permission in django.contrib.auth |
even if not used by the admin, i think a 'view' permission would be a sensible default to have. after all, these permissions are defined and used by contrib.auth and 3rd party apps, not only contrib.admin. this patch doesn't actually add any view functionality to the admin, it only adds a view permission to contrib.auth and changes the permission name to use verbose_name_plural.
i'm going to re-open this ticket, but if you still feel that this is impacting the admin site as it depends on contrib.auth, feel free to close it again. just wanted to be clear i don't consider this a change to the admin site ;)
comment:3 by , 18 years ago
+1
It's clear for me that there are lots of use cases for a view permission. Many people will end up writing something like that for their site anyway.
comment:4 by , 18 years ago
| Triage Stage: | Unreviewed → Design decision needed |
|---|
I'm not sure you're convincing enough for Adrian, but I'll let him have the final say.
comment:5 by , 18 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | reopened → closed |
Please stick to one issue per ticket. Changing the names of the permissions is one issue, adding a new permission is a second, entirely different issue. It is not possible to deal with two unrelated things at once, because when we close the ticket you don't know if it means one or both are not acceptable.
Please also do not reopen tickets marked as "wontfix". How to handle this is clearly documented in contributing.txt and on the website in the "how to contribute" documentation. It's not too much to ask people to follow those requests.
I think this is also bumping up against row-level permissions, so it really does need a list discussion, doing a compare and contrast with that branch.
Closing again for all the above reasons.
comment:6 by , 18 years ago
...especially since a lot of this (the viewing of data withour edit permissions) can now handled by the shiny new databrowse package.
add 'view' to list of default permissions and use verbose_name_plural in permission name.