Ticket #7150: admin_view-permission-1.0.patch

File admin_view-permission-1.0.patch, 5.5 KB (added by tclineks, 6 years ago)

rebased to django 1.0 (r8961)

  • django/contrib/admin/options.py

    diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
    a b  
    234234        """
    235235        opts = self.opts
    236236        return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission())
     237
     238    def has_view_permission(self, request, obj=None):
     239        """
     240        Returns True if the given request has permission to view the given
     241        Django model instance.
     242
     243        If `obj` is None, this should return True if the given request has
     244        permission to view *any* object of the given type.
     245        """
     246        opts = self.opts
     247        return request.user.has_perm(opts.app_label + '.' + opts.get_view_permission())
    237248
    238249    def queryset(self, request):
    239250        """
     
    561572            # to determine whether a given object exists.
    562573            obj = None
    563574
    564         if not self.has_change_permission(request, obj):
     575        if not (self.has_change_permission(request, obj) or (not request.POST and self.has_view_permission(request, obj))):
    565576            raise PermissionDenied
    566577
    567578        if obj is None:
     
    631642        from django.contrib.admin.views.main import ChangeList, ERROR_FLAG
    632643        opts = self.model._meta
    633644        app_label = opts.app_label
    634         if not self.has_change_permission(request, None):
     645        if not (self.has_change_permission(request, None) or (not request.POST and self.has_view_permission(request, None))):
    635646            raise PermissionDenied
    636647        try:
    637648            cl = ChangeList(request, self.model, self.list_display, self.list_display_links, self.list_filter,
  • django/contrib/admin/sites.py

    diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
    a b  
    281281                    'add': model_admin.has_add_permission(request),
    282282                    'change': model_admin.has_change_permission(request),
    283283                    'delete': model_admin.has_delete_permission(request),
     284                    'view': model_admin.has_view_permission(request),
    284285                }
    285286
    286287                # Check whether user has any perm for this module.
  • django/contrib/admin/templates/admin/index.html

    diff --git a/django/contrib/admin/templates/admin/index.html b/django/contrib/admin/templates/admin/index.html
    a b  
    1919        <caption><a href="{{ app.app_url }}" class="section">{% blocktrans with app.name as name %}{{ name }}{% endblocktrans %}</a></caption>
    2020        {% for model in app.models %}
    2121            <tr>
    22             {% if model.perms.change %}
     22            {% if model.perms.change or model.perms.view %}
    2323                <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
    2424            {% else %}
    2525                <th scope="row">{{ model.name }}</th>
  • django/contrib/admin/templatetags/admin_modify.py

    diff --git a/django/contrib/admin/templatetags/admin_modify.py b/django/contrib/admin/templatetags/admin_modify.py
    a b  
    3434                            not is_popup and (not save_as or context['add']),
    3535        'show_save_and_continue': not is_popup and context['has_change_permission'],
    3636        'is_popup': is_popup,
    37         'show_save': True
     37        'show_save': change and context['has_change_permission'] or context['add'] and context['has_add_permission']
    3838    }
    3939submit_row = register.inclusion_tag('admin/submit_line.html', takes_context=True)(submit_row)
  • django/contrib/auth/management/__init__.py

    diff --git a/django/contrib/auth/management/__init__.py b/django/contrib/auth/management/__init__.py
    a b  
    1111def _get_all_permissions(opts):
    1212    "Returns (codename, name) for all permissions in the given opts."
    1313    perms = []
    14     for action in ('add', 'change', 'delete'):
     14    for action in ('add', 'change', 'delete', 'view'):
    1515        perms.append((_get_permission_codename(action, opts), u'Can %s %s' % (action, opts.verbose_name_raw)))
    1616    return perms + list(opts.permissions)
    1717
  • django/contrib/auth/models.py

    diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py
    a b  
    6464        - The "add" permission limits the user's ability to view the "add" form and add an object.
    6565        - The "change" permission limits a user's ability to view the change list, view the "change" form and change an object.
    6666        - The "delete" permission limits the ability to delete an object.
     67        - The "view" permission limits the ability to view the change list and view the object detail page.
    6768
    6869    Permissions are set globally per type of object, not per specific object instance. It is possible to say "Mary may change news stories," but it's not currently possible to say "Mary may change news stories, but only the ones she created herself" or "Mary may only change news stories that have a certain status or publication date."
    6970
  • django/db/models/options.py

    diff --git a/django/db/models/options.py b/django/db/models/options.py
    a b  
    331331    def get_delete_permission(self):
    332332        return 'delete_%s' % self.object_name.lower()
    333333
     334    def get_view_permission(self):
     335        return 'view_%s' % self.object_name.lower()
     336
    334337    def get_all_related_objects(self, local_only=False):
    335338        try:
    336339            self._related_objects_cache
Back to Top