Opened 6 years ago

Last modified 12 months ago

#11561 new Bug

raw_id_fields requires that the user has change permissions on the model class that is being linked to

Reported by: dhowden@… Owned by: nobody
Component: contrib.admin Version: 1.0
Severity: Normal Keywords: raw_id_fields permissions
Cc: carlos.palol@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Unlike a plain ForeignKey field which uses a select box, the raw_id_fields listing/search interface requires that the user has change permissions on the model in your ForeignKey.

Change History (10)

comment:1 Changed 6 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by zbyte64

Possible fix would be to add a has_view_permission and the changelist_view would check against that permission instead of has_change_permission

comment:3 Changed 5 years ago by subsume

I bet there's a more comprehensive way to deal with things like this.

For example, a generic admin view which uses contenttypes in situations like this could be created instead of the current limitation of only viewing other registered models' changelists.

comment:4 Changed 5 years ago by julien

  • milestone set to 2.0

#15185 is another use case where the has_change_permission gets in the way of displaying the change list. I'm getting more and more incline to introduce a new "list" (or "read", or "view", or "browse") standard permission so you can display the "change" list without having change permissions. A bit like the difference that exist between "r" and "w" in the Unix file system. Now that might be something for version 2.0 as I imagine this would be seriously backwards incompatible.

comment:5 Changed 5 years ago by julien

  • Severity set to Normal
  • Type set to Bug

comment:6 Changed 4 years ago by julien

  • Easy pickings unset
  • UI/UX unset

On a related note, see #8936 about adding view-only functionality to the admin.

comment:7 Changed 4 years ago by jacob

Milestone 2.0 deleted

comment:8 Changed 4 years ago by carlospalol

  • Cc carlos.palol@… added

comment:9 Changed 3 years ago by kota

However there may be better ways,
I modified some files to fix this issue.

comment:10 Changed 12 months ago by collinanderson

  • Keywords raw_id_fields added; raw_if_fields removed
Note: See TracTickets for help on using tickets.
Back to Top