id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
21063	AdminSite app_index does work it doesn't need to	Keryn Knight <django@…>	nobody	"If a user doesn't have permissions to a module (as defined by it's app label), the way the [https://github.com/django/django/blob/ec47de77d6a7bc9327047d157fb5706751413f18/django/contrib/admin/sites.py#L403 app_index] works, it will still go through the motions of iterating the modeladmin registry and checking permissions it knows cannot be true, as far as I can see. Having done all that, if the `app_dict` is empty [and it should be], it [https://github.com/django/django/blob/ec47de77d6a7bc9327047d157fb5706751413f18/django/contrib/admin/sites.py#L441 throws a 404], whereas the ModelAdmin views themselves tend to [https://github.com/django/django/blob/ec47de77d6a7bc9327047d157fb5706751413f18/django/contrib/admin/options.py#L1137 raise PermissionDenied]. The fix is pretty simple, and actually simplifies the view, if you believe shallow trumps deep.

Marking as has patch on the basis on an incoming GitHub pull request."	Cleanup/optimization	closed	contrib.admin	dev	Normal	fixed			Unreviewed	1	0	0	0	0	0