Ticket #7150: django-svn-view-permission.patch

django/db/models/options.py

@@ -293 +293 @@
     def get_delete_permission(self):
         return 'delete_%s' % self.object_name.lower()
 
+    def get_view_permission(self):
+        return 'view_%s' % self.object_name.lower()
+
     def get_all_related_objects(self, local_only=False):
         try:
             self._related_objects_cache

django/contrib/admin/templatetags/adminapplist.py

@@ -32 +32 @@
                             'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
                             'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
                             'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
+                            'view': user.has_perm("%s.%s" % (app_label, m._meta.get_view_permission())),
                         }
 
                         # Check whether user has any perm for this module.

django/contrib/admin/views/main.py

@@ -315 +315 @@
     opts = model._meta
 
     if not request.user.has_perm(app_label + '.' + opts.get_change_permission()):
-        raise PermissionDenied
+                if not request.user.has_perm(app_label + '.' + opts.get_view_permission()):
+                        raise PermissionDenied
 
     if request.POST and "_saveasnew" in request.POST:
         return add_stage(request, app_label, model_name, form_url='../../add/')
@@ -752 +753 @@
     if model is None:
         raise Http404("App %r, model %r, not found" % (app_label, model_name))
     if not request.user.has_perm(app_label + '.' + model._meta.get_change_permission()):
-        raise PermissionDenied
+                if not request.user.has_perm(app_label + '.' + model._meta.get_view_permission()):
+                        raise PermissionDenied
     try:
         cl = ChangeList(request, model)
     except IncorrectLookupParameters:

django/contrib/admin/templates/admin/index.html

@@ -20 +20 @@
             <tr>
             {% if model.perms.change %}
                 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
+            {% else %}{% if model.perms.view %}
+                <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
             {% else %}
                 <th scope="row">{{ model.name }}</th>
-            {% endif %}
+            {% endif %}{% endif %}
 
             {% if model.perms.add %}
                 <td><a href="{{ model.admin_url }}add/" class="addlink">{% trans 'Add' %}</a></td>

django/contrib/auth/management.py

@@ -12 +12 @@
 def _get_all_permissions(opts):
     "Returns (codename, name) for all permissions in the given opts."
     perms = []
-    for action in ('add', 'change', 'delete'):
+    for action in ('add', 'change', 'delete', 'view'):
         perms.append((_get_permission_codename(action, opts), u'Can %s %s' % (action, opts.verbose_name_raw)))
     return perms + list(opts.permissions)
 

django/contrib/auth/models.py

@@ -65 +65 @@
         - The "add" permission limits the user's ability to view the "add" form and add an object.
         - The "change" permission limits a user's ability to view the change list, view the "change" form and change an object.
         - The "delete" permission limits the ability to delete an object.
+        - The "view" permission limits the ability to view data (if none of the above is missing)
 
     Permissions are set globally per type of object, not per specific object instance. It is possible to say "Mary may change news stories," but it's not currently possible to say "Mary may change news stories, but only the ones she created herself" or "Mary may only change news stories that have a certain status or publication date."