Opened 14 years ago

Last modified 9 months ago

#15759 new Bug

list_editable should respect per-object permissions

Reported by: Jeremy Dunck Owned by: nobody
Component: contrib.admin Version: dev
Severity: Normal Keywords:
Cc: jdunck@…, Ülgen Sarıkavak Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Currently, list_editable for admin displays form fields for all objects, even if an auth backend supports per-object permissions.

This allows editing of objects even if the user shouldn't be able to.

If there's a backend that supports per-object permissions, only those rows which allow editing should have edit fields.

I think this means that FormSet created in changelist_view needs to be passed a result_list which is annotated with per-object permission flags, and modelform_factory should respect those flags.

Change History (6)

comment:1 by Julien Phalip, 14 years ago

Triage Stage: UnreviewedAccepted

Yes, this makes a lot of sense. The trick will be to annotate the result list in a way that doesn't impact performance too much.

comment:2 by Jeremy Dunck, 14 years ago

Cc: jdunck@… added

comment:3 by Aymeric Augustin, 13 years ago

UI/UX: unset

Change UI/UX from NULL to False.

comment:4 by Aymeric Augustin, 13 years ago

Easy pickings: unset

Change Easy pickings from NULL to False.

comment:5 by Asif Saifuddin Auvi, 6 years ago

Version: 1.3master

comment:6 by Ülgen Sarıkavak, 9 months ago

Cc: Ülgen Sarıkavak added
Note: See TracTickets for help on using tickets.
Back to Top