Opened 4 years ago
Closed 4 years ago
#32001 closed New feature (duplicate)
Pass obj to user.has_perm() in ModelAdmin
Reported by: | Alexander Todorov | Owned by: | nobody |
---|---|---|---|
Component: | contrib.admin | Version: | 3.1 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
ModelAdmin calls use.has_perm() without passing the underlying object when present. This is valid for
has_change_permission(), has_delete_permission() and has_view_permission() methods.
As-is applications which use backends providing object level permissions, like django-guardian can't rely on the built-in functionality of the admin panel (like edit/delete) to take into account the permissions assigned on the object.
Related tickets #11383 and #13539
POC PR https://github.com/django/django/pull/13418 (still WIP at the time of writing).
Change History (4)
comment:1 by , 4 years ago
Description: | modified (diff) |
---|
comment:2 by , 4 years ago
comment:3 by , 4 years ago
Yet another related comment https://code.djangoproject.com/ticket/13539#comment:21. This ticket should probably be closed as a duplicate to 13539 b/c they seem to be the same root cause in the end.
comment:4 by , 4 years ago
Has patch: | unset |
---|---|
Resolution: | → duplicate |
Status: | new → closed |
Summary: | RFE: Pass obj in user.has_perm() in ModelAdmin → Pass obj to user.has_perm() in ModelAdmin |
Agreed, passing obj
will fix #13539, so we can close it as a duplicate.
Related comment https://code.djangoproject.com/ticket/13539#comment:20