Inconsistency with permissions for proxy models
|Reported by:||Dave Hall||Owned by:|
|Severity:||Normal||Keywords:||proxy contenttype permission|
|Cc:||omat@…, david@…, walter+django@…, Simon Meers, Jari Pennanen, Dave Hall, thepapermen, kmike84@…, danny.adair@…, omer.drow@…, German M. Bravo, danols@…, charette.s@…, saxix.rome@…, 4glitch@…, maa@…, kegan@…, hv@…, Simon Charette||Triage Stage:||Accepted|
|Has patch:||yes||Needs documentation:||yes|
|Needs tests:||no||Patch needs improvement:||yes|
Summary: The content type framework treats proxy models and their parent as the same model. The permissions framework treats them as separate models.
This is complicated, and best explained by example. First of all, create this model:
class UserProxy(User): class Meta: proxy = True app_label = "foo"
This will result in three new permission objects being created: "auth.add_userproxy", "auth.change_userproxy", "auth.delete_userproxy"
However, when the admin site checks for permissions for this model, it will be looking for permissions called: "foo.add_userproxy", "foo.change_userproxy", "foo.delete_userproxy"
The inconsistency lies in that permissions are created using the ContentType of the proxy model's parent class. However, permissions are checked using the app_label of the proxy model itself.
In order to reconcile this, there appear to be two options:
- Allow each proxy model to have it's own ContentType.
- Make ProxyModel._meta.app_label return the app label of the parent model.
Personally, it makes sense to me that each proxy model has its own ContentType. Since proxy models can represent subsets of the parent model, they require different admin permissions. In order to have different admin permissions, they need to have their own content types.
The current situation is a horrible mess of both approaches. The content type framework treats proxy models as being the same as their parent model. The permissions framework treats them as different.
I realise that this is something of a design decision for the framework. I leave it up to greater minds than mine to come up with a solution!
Change History (58)
comment:2 Changed 8 years ago by
|milestone:||1.1 → 1.2|
|Triage Stage:||Unreviewed → Design decision needed|
comment:35 Changed 5 years ago by
comment:42 Changed 5 years ago by
|Keywords:||proxy contenttype permission added|
comment:46 Changed 4 years ago by
|Owner:||changed from nobody to Simon Charette|
|Status:||new → assigned|
comment:53 Changed 2 years ago by
|Cc:||Simon Charette added|
|Owner:||Simon Charette deleted|
|Patch needs improvement:||set|
|Status:||assigned → new|