Ticket #820: view_permission_patch_1.patch

File view_permission_patch_1.patch, 4.2 KB (added by kayos@…, 19 years ago)

  • django/contrib/admin/templatetags/adminapplist.py

     
    2323                            'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())),
    2424                            'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())),
    2525                            'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())),
     26                            'view': user.has_perm("%s.%s" % (app_label, m._meta.get_view_permission())),
    2627                        }
    2728
    2829                        # Check whether user has any perm for this module.

  • django/contrib/admin/views/main.py

     
    7474    IS_POPUP_VAR = 'pop'
    7575
    7676    mod, opts = _get_mod_opts(app_label, module_name)
    77     if not request.user.has_perm(app_label + '.' + opts.get_change_permission()):
     77    if not (request.user.has_perm(app_label + '.' + opts.get_view_permission()) or request.user.has_perm(app_label + '.' + opts.get_change_permission())):
    7878        raise PermissionDenied
    7979
    8080    lookup_mod, lookup_opts = mod, opts
     
    446446                    result_repr = ' '
    447447                if j == 0: # First column is a special case
    448448                    result_id = getattr(result, pk)
    449                     raw_template.append('<th%s><a href="%s/"%s>%s</a></th>' % \
    450                         (row_class, result_id, (is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %r); return false;"' % result_id or ''), result_repr))
     449                    if request.user.has_perm(app_label + '.' + opts.get_change_permission()):
     450                        raw_template.append('<th%s><a href="%s/"%s>%s</a></th>' % \
     451                            (row_class, result_id, (is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %r); return false;"' % result_id or ''), result_repr))
     452                    else:
     453                        raw_template.append('<th%s>%s</th>' % (row_class, result_repr))
    451454                else:
    452455                    raw_template.append('<td%s>%s</td>' % (row_class, result_repr))
    453456            raw_template.append('</tr>\n')

  • django/contrib/admin/templates/admin/index.html

     
    1717        <table>
    1818        {% for model in app.models %}
    1919            <tr>
    20             {% if model.perms.change %}
     20            {% if model.perms.view %}
    2121                <th><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
    2222            {% else %}
    2323                <th>{{ model.name }}</th>

  • django/core/meta/__init__.py

     
    268268    def get_delete_permission(self):
    269269        return 'delete_%s' % self.object_name.lower()
    270270
     271    def get_view_permission(self):
     272        return 'view_%s' % self.object_name.lower()
     273
    271274    def get_rel_object_method_name(self, rel_opts, rel_field):
    272275        # This method encapsulates the logic that decides what name to give a
    273276        # method that retrieves related many-to-one objects. Usually it just

  • django/core/management.py

     
    3131    "Returns (codename, name) for all permissions in the given opts."
    3232    perms = []
    3333    if opts.admin:
    34         for action in ('add', 'change', 'delete'):
     34        for action in ('add', 'change', 'delete', 'view'):
    3535            perms.append((_get_permission_codename(action, opts), 'Can %s %s' % (action, opts.verbose_name)))
    3636    return perms + list(opts.permissions)
    3737
Back to Top