Opened 15 years ago
Last modified 10 years ago
#11561 new Bug
raw_id_fields requires that the user has change permissions on the model class that is being linked to
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | contrib.admin | Version: | 1.0 |
Severity: | Normal | Keywords: | raw_id_fields permissions |
Cc: | carlos.palol@… | Triage Stage: | Accepted |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Unlike a plain ForeignKey field which uses a select box, the raw_id_fields listing/search interface requires that the user has change permissions on the model in your ForeignKey.
Change History (10)
comment:1 by , 15 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:2 by , 14 years ago
comment:3 by , 14 years ago
I bet there's a more comprehensive way to deal with things like this.
For example, a generic admin view which uses contenttypes in situations like this could be created instead of the current limitation of only viewing other registered models' changelists.
comment:4 by , 14 years ago
milestone: | → 2.0 |
---|
#15185 is another use case where the has_change_permission
gets in the way of displaying the change list. I'm getting more and more incline to introduce a new "list" (or "read", or "view", or "browse") standard permission so you can display the "change" list without having change permissions. A bit like the difference that exist between "r" and "w" in the Unix file system. Now that might be something for version 2.0 as I imagine this would be seriously backwards incompatible.
comment:5 by , 14 years ago
Severity: | → Normal |
---|---|
Type: | → Bug |
comment:6 by , 13 years ago
Easy pickings: | unset |
---|---|
UI/UX: | unset |
On a related note, see #8936 about adding view-only functionality to the admin.
comment:8 by , 13 years ago
Cc: | added |
---|
comment:9 by , 12 years ago
However there may be better ways,
I modified some files to fix this issue.
https://gist.github.com/4329401/
comment:10 by , 10 years ago
Keywords: | raw_id_fields added; raw_if_fields removed |
---|
Possible fix would be to add a has_view_permission and the changelist_view would check against that permission instead of has_change_permission