#8146 closed (invalid)
Admin doesn't consider custom permission methods when displaying index page
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Contrib apps | Version: | dev |
Severity: | Keywords: | admin permissions | |
Cc: | Triage Stage: | Design decision needed | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I have a ModelAdmin subclass that overrides has_*_permission(), but doesn't display when it should because the admin app index page view only checks those methods if user.has_module_perms(app_label) is True. It should always check them, regardless of whether ordinary permissions are present in the database.
Attachments (1)
Change History (11)
by , 16 years ago
Attachment: | sites.py.diff added |
---|
comment:1 by , 16 years ago
Has patch: | set |
---|
comment:2 by , 16 years ago
milestone: | → 1.0 |
---|---|
Triage Stage: | Unreviewed → Design decision needed |
comment:3 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
It feels like this is asking for a way to say something contradictory: you want to tell Django that the user has no permissions for the app, but you also want to tell Django that the user does have some permissions for the app.
comment:4 by , 16 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
The standard permissions can only give access to all of the records or none of them. How to indicate that a user can edit *some* records -- his own articles, for example?
comment:5 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Agreed with James (ubernostrum); this isn't what the permissions system is designed for.
Also, as a general rule, please don't reopen tickets marked invalid/wontfix; take it up on django-dev if you disagree.
comment:6 by , 16 years ago
How should I implement this functionality in an admin site then?
(Sorry about the re-open -- just trying to make things easier for you.)
comment:7 by , 16 years ago
You mean the permissions system wasn't designed to do runtime checks to determine if the user has permission to perform an arbitrary action? What is it supposed to do then?
comment:8 by , 16 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
Other than clutter up Google's search results, since it doesn't do what a permissions system typically does...
comment:9 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
Please don't reopen tickets closed by core commiters (not 1 but 2), if you would like to further discuss this please use the django-developers mailing list.
Removes has_module_perms check, and unindents the following code block.