#17295 closed New feature (duplicate)
Admin "View" permission
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.admin | Version: | |
| Severity: | Normal | Keywords: | admin readonly permission |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In some cases it is useful to give read-only access to a ModelAdmin (for some users/permission holders). At the moment, the "change" permission is needed to view an object, and then further limit this general editing form by defining readonly_fields.
Here's one way how this could be done "manually":
from django.contrib import admin
from django.contrib.admin.util import flatten_fieldsets
class ReadOnlyAdmin(admin.ModelAdmin):
def get_readonly_fields(self, request, obj=None):
# untested, this could do:
# readonly_fields = self.model._meta.get_all_field_names()
# borrowed from ModelAdmin:
if self.declared_fieldsets:
fields = flatten_fieldsets(self.declared_fieldsets)
else:
form = self.get_formset(request, obj).form
fields = form.base_fields.keys()
return fields
def has_add_permission(self, request):
# Nobody is allowed to add
return False
def has_delete_permission(self, request, obj=None):
# Nobody is allowed to delete
return False
What's awkward here is that you now need the "change" permission for read-only access. If I want to further customize by inventing a "view" permission and then checking the request's user for that permission, that is still true and makes it even more awkward - what if I wanted readonly for the "view" permission holders, and readwrite for certain others? The "view" permission holders would still need the "change" permission to even get to see a link in the change_list.
In other words, with the readonly fields functionality taken to the extreme of all fields, at the latest, "change" becomes an inappropriate name for the permission.
I think it may not actually be that hard to define read-only access with a new permission:
- Auto-create a "view" permission (or maybe "access" is a better name)
- change_list shows links to objects if you have the "view" permission, i.e. don't need "change"
- change_form checks if you have "change" permission, if not, automatically sets all fields as read-only
Oh the comfort! :-)
See also http://stackoverflow.com/questions/7920371/whole-model-as-read-only/7965193#7965193
Change History (4)
comment:1 by , 12 years ago
comment:3 by , 12 years ago
Thanks - I was sure there was at least one ticket about this but couldn't find it
P.S.: I think the current "change" permission is a historic remnant, similar to the "is_staff" attribute of users. The admin app is much more powerful and versatile than what they seem to imply...