Opened 7 years ago

Last modified 2 years ago

#11561 new Bug

raw_id_fields requires that the user has change permissions on the model class that is being linked to

Reported by: dhowden@… Owned by: nobody
Component: contrib.admin Version: 1.0
Severity: Normal Keywords: raw_id_fields permissions
Cc: carlos.palol@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Unlike a plain ForeignKey field which uses a select box, the raw_id_fields listing/search interface requires that the user has change permissions on the model in your ForeignKey.

Change History (10)

comment:1 Changed 7 years ago by Russell Keith-Magee

Triage Stage: UnreviewedAccepted

comment:2 Changed 6 years ago by zbyte64

Possible fix would be to add a has_view_permission and the changelist_view would check against that permission instead of has_change_permission

comment:3 Changed 6 years ago by Yeago

I bet there's a more comprehensive way to deal with things like this.

For example, a generic admin view which uses contenttypes in situations like this could be created instead of the current limitation of only viewing other registered models' changelists.

comment:4 Changed 6 years ago by Julien Phalip

milestone: 2.0

#15185 is another use case where the has_change_permission gets in the way of displaying the change list. I'm getting more and more incline to introduce a new "list" (or "read", or "view", or "browse") standard permission so you can display the "change" list without having change permissions. A bit like the difference that exist between "r" and "w" in the Unix file system. Now that might be something for version 2.0 as I imagine this would be seriously backwards incompatible.

comment:5 Changed 6 years ago by Julien Phalip

Severity: Normal
Type: Bug

comment:6 Changed 5 years ago by Julien Phalip

Easy pickings: unset
UI/UX: unset

On a related note, see #8936 about adding view-only functionality to the admin.

comment:7 Changed 5 years ago by Jacob

Milestone 2.0 deleted

comment:8 Changed 5 years ago by Carlos Palol

Cc: carlos.palol@… added

comment:9 Changed 4 years ago by kota

However there may be better ways,
I modified some files to fix this issue.
https://gist.github.com/4329401/

comment:10 Changed 2 years ago by Collin Anderson

Keywords: raw_id_fields added; raw_if_fields removed
Note: See TracTickets for help on using tickets.
Back to Top