Opened 4 years ago

Last modified 4 years ago

#32001 closed New feature

RFE: Pass obj in user.has_perm() in ModelAdmin — at Initial Version

Reported by: Alexander Todorov Owned by: nobody
Component: contrib.admin Version: 3.1
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

ModelAdmin calls use.has_perm() without passing the underlying object when present. This is valid for
has_change_permission(), has_delete_permission() and has_view_permission() methods.

As-is applications which use backends providing object level permissions, like django-guardian can't rely on the built-in functionality of the admin panel (like edit/delete) to take into account the permissions assigned on the object.

Related tickets #11383 and #13539

POC PR https://github.com/django/django/pull/13414 (still WIP at the time of writing).

Change History (0)

Note: See TracTickets for help on using tickets.
Back to Top