Django

Code

Ticket #550 (closed: fixed)

Opened 3 years ago

Last modified 2 years ago

[patch] Modify admin site to remove apps, modules, actions that the user does not have permissions for.

Reported by: Jason Huggins Assigned to: adrian
Milestone: Component: django.contrib.admin
Version: Keywords: admin UI permissions
Cc: Triage Stage: Unreviewed
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

In the current Django admin site, if a user doesn't have permissions to certain apps or modules within Django, the user can still see the entire list of apps, modules, and actions (add and change). The user only finds out that they don't have permission to do something if they follow one of the "add" or "change" links for that module and get a "Permission Denied" page in response.

This patch fixes the admin view so a user can only see modules and actions they have permissions for.

Attachments

patch_limit_admin_view_based_on_user_permissions.txt (5.0 kB) - added by Jason Huggins on 09/23/05 13:40:22.

Change History

09/23/05 13:40:22 changed by Jason Huggins

  • attachment patch_limit_admin_view_based_on_user_permissions.txt added.

09/25/05 13:36:42 changed by adrian

  • status changed from new to assigned.

09/25/05 14:08:45 changed by adrian

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [684]) Fixed #550 -- Default admin template now checks user permissions, hiding apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

09/26/05 19:47:22 changed by Jason Huggins

adrian wrote: "Thanks, Jason Huggins"

Thank you, adrian. And all the Django users who can no longer see things that they're not supposed to see thank you, too. :-)

Add/Change #550 ([patch] Modify admin site to remove apps, modules, actions that the user does not have permissions for.)




Change Properties
Action