Ticket #7150: newforms-admin-view-permission-r7737.patch

File newforms-admin-view-permission-r7737.patch, 5.7 KB (added by tclineks, 7 years ago)

cleaned up and rebased to r7737

  • db/models/options.py

     
    296296    def get_delete_permission(self):
    297297        return 'delete_%s' % self.object_name.lower()
    298298
     299    def get_view_permission(self):
     300        return 'view_%s' % self.object_name.lower()
     301
    299302    def get_all_related_objects(self, local_only=False):
    300303        try:
    301304            self._related_objects_cache
  • contrib/admin/options.py

     
    319319        opts = self.opts
    320320        return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission())
    321321
     322    def has_view_permission(self, request, obj=None):
     323        """
     324        Returns True if the given request has permission to view the given
     325        Django model instance.
     326
     327        If `obj` is None, this should return True if the given request has
     328        permission to view *any* object of the given type.
     329        """
     330        opts = self.opts
     331        return request.user.has_perm(opts.app_label + '.' + opts.get_view_permission())
     332
    322333    def queryset(self, request):
    323334        """
    324335        Returns a QuerySet of all model instances that can be edited by the
     
    557568            # to determine whether a given object exists.
    558569            obj = None
    559570
    560         if not self.has_change_permission(request, obj):
     571        if not (self.has_change_permission(request, obj) or (not request.POST and self.has_view_permission(request, obj))):
    561572            raise PermissionDenied
    562573
    563574        if obj is None:
     
    625636        from django.contrib.admin.views.main import ChangeList, ERROR_FLAG
    626637        opts = self.model._meta
    627638        app_label = opts.app_label
    628         if not self.has_change_permission(request, None):
     639        if not (self.has_change_permission(request, None) or (not request.POST and self.has_view_permission(request, None))):
    629640            raise PermissionDenied
    630641        try:
    631642            cl = ChangeList(request, self.model, self.list_display, self.list_display_links, self.list_filter,
  • contrib/admin/templatetags/admin_modify.py

     
    1616        'show_save_and_add_another': context['has_add_permission'] and
    1717                            not is_popup and (not save_as or context['add']),
    1818        'show_save_and_continue': not is_popup and context['has_change_permission'],
    19         'show_save': True
     19        'show_save': change and context['has_change_permission'] or context['add'] and context['has_add_permission']
    2020    }
    2121submit_row = register.inclusion_tag('admin/submit_line.html', takes_context=True)(submit_row)
  • contrib/admin/templates/admin/index.html

     
    1919        <caption>{% blocktrans with app.name as name %}{{ name }}{% endblocktrans %}</caption>
    2020        {% for model in app.models %}
    2121            <tr>
    22             {% if model.perms.change %}
     22            {% if model.perms.change or model.perms.view %}
    2323                <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
    2424            {% else %}
    2525                <th scope="row">{{ model.name }}</th>
  • contrib/admin/sites.py

     
    276276                    'add': model_admin.has_add_permission(request),
    277277                    'change': model_admin.has_change_permission(request),
    278278                    'delete': model_admin.has_delete_permission(request),
     279                    'view': model_admin.has_view_permission(request),
    279280                }
    280281
    281282                # Check whether user has any perm for this module.
  • contrib/auth/models.py

     
    6565        - The "add" permission limits the user's ability to view the "add" form and add an object.
    6666        - The "change" permission limits a user's ability to view the change list, view the "change" form and change an object.
    6767        - The "delete" permission limits the ability to delete an object.
     68        - The "view" permission limits the ability to view the change list and view the object detail page.
    6869
    6970    Permissions are set globally per type of object, not per specific object instance. It is possible to say "Mary may change news stories," but it's not currently possible to say "Mary may change news stories, but only the ones she created herself" or "Mary may only change news stories that have a certain status or publication date."
    7071
  • contrib/auth/management/__init__.py

     
    1212def _get_all_permissions(opts):
    1313    "Returns (codename, name) for all permissions in the given opts."
    1414    perms = []
    15     for action in ('add', 'change', 'delete'):
     15    for action in ('add', 'change', 'delete', 'view'):
    1616        perms.append((_get_permission_codename(action, opts), u'Can %s %s' % (action, opts.verbose_name_raw)))
    1717    return perms + list(opts.permissions)
    1818
Back to Top