Changes between Version 2 and Version 3 of Ticket #29012
- Timestamp:
- Jan 11, 2018, 11:10:54 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #29012 – Description
v2 v3 14 14 First, and possibly the best, solution to this is that, django does not deny permission if obj argument is provided, but just ignores it. This way by properly ordering backends in the settings, it could be a fallback solution for the lower level checkers. This might be the move in the right direction, although it is backwards incompatible. 15 15 16 A second solution is a keyword argument, such as fallback_to_model=False, that will allow lower-level checkers mimic the model level permissions that django does. If the first solution is not accepted, this is needed to get the necessary permissions with one round of polling. Otherwise, it seems like it is still a useful addition since it would allow backends to prefer to handle the fallback by themselves.16 A second solution is a keyword argument, such as `fallback_to_model=None`, that will allow lower-level checkers mimic the model level permissions that django does. If the first solution is not accepted, this is needed to get the necessary permissions with one round of polling (and without cluttering the code). It would still be a useful addition since it would allow backends to prefer to handle the fallback by themselves. Or, it would allow users who fallback by default override that behavior and not fallback (via a value of `False`), i.e., object level permissions are definitive. 17 17