Changes between Initial Version and Version 1 of Ticket #31093
- Timestamp:
- Dec 15, 2019, 8:26:46 AM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #31093 – Description
initial v1 1 1 Permissions on objects are based on two mechanisms that developers have to implement: 2 2 3 - returning if a user has a permission on an object instance 3 4 - filtering a queryset based on a user object and eventually a permission name 4 - returning if a user has a permission on an object instance5 5 6 6 Currently, permission backend allows developers to implement the first mechanism: you can allow a specific permission on an object with the permission backend. … … 21 21 }}} 22 22 23 However, permission framework does not include a the first security feature mentioned: getting a filtered queryset with objects a user should be able to see, eventually for a given permission. Such implementation could look like:23 However, permission framework should also allow developers to implement the second security mechanism: getting a filtered queryset with objects a user should be able to see, eventually for a given permission. Such implementation could look like: 24 24 25 25