Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3984 closed (wontfix)

[patch] add 'view' as a default permission in django.contrib.auth

Reported by: mrmachine Owned by: adrian
Component: Contrib apps Version: master
Severity: Keywords: auth default permissions view
Cc: real.human@… Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

i'd like to see 'view' added to the list of default permissions (add, change, delete) created for every model when django.contrib.auth is installed. this could be used by django.contrib.admin to allow selected staff to view the changelist and object detail screens, without giving them permission to add, change, or delete objects. even if not used by django.contrib.admin (at least for now), it would also be a useful generic permission in most django applications.

i also think the name of each permission should reference verbose_name_plural instead of verbose_name as it does now. "auth | user | Can add users" makes more sense than "auth | user | Can add user".

attached is a simple patch for these two changes.

Attachments (1)

management.diff (781 bytes) - added by mrmachine 8 years ago.
add 'view' to list of default permissions and use verbose_name_plural in permission name.

Download all attachments as: .zip

Change History (7)

Changed 8 years ago by mrmachine

add 'view' to list of default permissions and use verbose_name_plural in permission name.

comment:1 Changed 8 years ago by adrian

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

This has come up before, and we've marked it as a "wontfix." The admin site isn't intended to be used for viewing information. If you're looking for a tool that will let you view information, stay tuned for a new Django feature called databrowse.

comment:2 Changed 8 years ago by mrmachine

  • Resolution wontfix deleted
  • Status changed from closed to reopened
  • Summary changed from [patch] add 'view' as a default permission in django.contrib.auth (and django.contrib.admin) to [patch] add 'view' as a default permission in django.contrib.auth

even if not used by the admin, i think a 'view' permission would be a sensible default to have. after all, these permissions are defined and used by contrib.auth and 3rd party apps, not only contrib.admin. this patch doesn't actually add any view functionality to the admin, it only adds a view permission to contrib.auth and changes the permission name to use verbose_name_plural.

i'm going to re-open this ticket, but if you still feel that this is impacting the admin site as it depends on contrib.auth, feel free to close it again. just wanted to be clear i don't consider this a change to the admin site ;)

comment:3 Changed 8 years ago by philippe.raoult@…

+1
It's clear for me that there are lots of use cases for a view permission. Many people will end up writing something like that for their site anyway.

comment:4 Changed 8 years ago by SmileyChris

  • Triage Stage changed from Unreviewed to Design decision needed

I'm not sure you're convincing enough for Adrian, but I'll let him have the final say.

comment:5 Changed 8 years ago by mtredinnick

  • Resolution set to wontfix
  • Status changed from reopened to closed

Please stick to one issue per ticket. Changing the names of the permissions is one issue, adding a new permission is a second, entirely different issue. It is not possible to deal with two unrelated things at once, because when we close the ticket you don't know if it means one or both are not acceptable.

Please also do not reopen tickets marked as "wontfix". How to handle this is clearly documented in contributing.txt and on the website in the "how to contribute" documentation. It's not too much to ask people to follow those requests.

I think this is also bumping up against row-level permissions, so it really does need a list discussion, doing a compare and contrast with that branch.

Closing again for all the above reasons.

comment:6 Changed 8 years ago by Simon G. <dev@…>

...especially since a lot of this (the viewing of data withour edit permissions) can now handled by the shiny new databrowse package.

Note: See TracTickets for help on using tickets.
Back to Top