Opened 4 years ago
Closed 4 years ago
#32001 closed New feature (duplicate)
Pass obj to user.has_perm() in ModelAdmin
| Reported by: | Alexander Todorov | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
ModelAdmin calls use.has_perm() without passing the underlying object when present. This is valid for
has_change_permission(), has_delete_permission() and has_view_permission() methods.
As-is applications which use backends providing object level permissions, like django-guardian can't rely on the built-in functionality of the admin panel (like edit/delete) to take into account the permissions assigned on the object.
Related tickets #11383 and #13539
POC PR https://github.com/django/django/pull/13418 (still WIP at the time of writing).
Change History (4)
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
comment:3 by , 4 years ago
Yet another related comment https://code.djangoproject.com/ticket/13539#comment:21. This ticket should probably be closed as a duplicate to 13539 b/c they seem to be the same root cause in the end.
comment:4 by , 4 years ago
| Has patch: | unset |
|---|---|
| Resolution: | → duplicate |
| Status: | new → closed |
| Summary: | RFE: Pass obj in user.has_perm() in ModelAdmin → Pass obj to user.has_perm() in ModelAdmin |
Agreed, passing obj will fix #13539, so we can close it as a duplicate.
Related comment https://code.djangoproject.com/ticket/13539#comment:20