#636 closed enhancement (invalid)
Restrict editing of records to owner or person with certain role.
Reported by: | Owned by: | Adrian Holovaty | |
---|---|---|---|
Component: | Core (Other) | Version: | |
Severity: | normal | Keywords: | ownership |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Steps for owner handling
Connect owner to permission
A model with an OwnerField() that implicitly references the user table.
The OwnerField() records the creator of a record, and maps to the special
role 'owner', that can be used as a permission.
Restrict editing and listing to certain role
Allow a META field that provides additional permissions to roles, including the special role
'owner'. For instance
permissions = [('add','all'),(['list','edit'],'owner'),('delete','admin')]
such that a all users can add a record, and they can only list and edit their own records,
and only admins can delete the record.
If the role 'owner' is used, the model must have an OwnerField().
Change History (2)
comment:1 by , 19 years ago
comment:2 by , 19 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
I'm going to close this ticket in favor of the discussion on django-developers since this problem is far more complicated than it appears at the first glance.
See also this django-developers discussion