Opened 4 years ago

Closed 4 years ago

#18814 closed New feature (duplicate)

setting up view permission to user

Reported by: digambar Owned by: nobody
Component: contrib.auth Version: 1.3
Severity: Release blocker Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


There is no "Can view profile" permission available for user.
When admin wants to create a new user which will only view profile
when you set the "Can view profile" permission.
That user should not add & edit profile. It only can view the profile.

Change History (2)

comment:1 Changed 4 years ago by digambar

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Type changed from Uncategorized to New feature
  • Version changed from 1.4 to 1.3

comment:2 Changed 4 years ago by russellm

  • Resolution set to duplicate
  • Status changed from new to closed

Marking as a duplicate of #820 and #7150.

Repeating something that I've said on the mailing list in the past: Django
1.2 added two features that lead me to believe that the time may have
come to revisit the earlier decisions to avoid view permissions.

Firstly, we added readonly fields. Ultimately, a readonly view is just
a view where all the fields are readonly; to me, it seems like a small
jump from "specifying an admin with N readonly fields" to "specifying
an admin that is all readonly fields".

Secondly, we added a framework for per-object permissions. Although
the API is in place for this, I'm not convinced that the consequences
of this change have been fully reflected in the admin. After all, it's
now possible to have a list of objects, but only have access to edit
some of those objects - but that doesn't mean you can't *see* the
remaining object - especially in the context of foreign key relations.

So -- I'm at least willing to entertain the discussion about adding
this as a first-class feature of the admin. If this is a feature that
you are enthused by, then put together a full proposal describing
exactly what you would like to add (possibly with a prototype patch),
and we can have the discussion over whether we should add this feature
to trunk -- or whether, like with per-object permissions, we just need
to expose an better API to make it easier to add view permissions as
an end-user.

Note: See TracTickets for help on using tickets.
Back to Top