Opened 4 years ago
Last modified 4 years ago
#32001 closed New feature
RFE: Pass obj in user.has_perm() in ModelAdmin — at Version 1
Reported by: | Alexander Todorov | Owned by: | nobody |
---|---|---|---|
Component: | contrib.admin | Version: | 3.1 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
ModelAdmin calls use.has_perm() without passing the underlying object when present. This is valid for
has_change_permission(), has_delete_permission() and has_view_permission() methods.
As-is applications which use backends providing object level permissions, like django-guardian can't rely on the built-in functionality of the admin panel (like edit/delete) to take into account the permissions assigned on the object.
Related tickets #11383 and #13539
POC PR https://github.com/django/django/pull/13418 (still WIP at the time of writing).