Opened 4 years ago
Last modified 4 years ago
#32001 closed New feature
RFE: Pass obj in user.has_perm() in ModelAdmin — at Initial Version
| Reported by: | Alexander Todorov | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 3.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
ModelAdmin calls use.has_perm() without passing the underlying object when present. This is valid for
has_change_permission(), has_delete_permission() and has_view_permission() methods.
As-is applications which use backends providing object level permissions, like django-guardian can't rely on the built-in functionality of the admin panel (like edit/delete) to take into account the permissions assigned on the object.
Related tickets #11383 and #13539
POC PR https://github.com/django/django/pull/13414 (still WIP at the time of writing).
Note:
See TracTickets
for help on using tickets.