Opened 13 years ago

Closed 13 years ago

Last modified 11 years ago

#550 closed enhancement (fixed)

[patch] Modify admin site to remove apps, modules, actions that the user does not have permissions for.

Reported by: Jason Huggins Owned by: Adrian Holovaty
Component: contrib.admin Version:
Severity: normal Keywords: admin UI permissions
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


In the current Django admin site, if a user doesn't have permissions to certain apps or modules within Django, the user can still see the entire list of apps, modules, and actions (add and change). The user only finds out that they don't have permission to do something if they follow one of the "add" or "change" links for that module and get a "Permission Denied" page in response.

This patch fixes the admin view so a user can only see modules and actions they have permissions for.

Attachments (1)

patch_limit_admin_view_based_on_user_permissions.txt (5.0 KB) - added by Jason Huggins 13 years ago.

Download all attachments as: .zip

Change History (4)

Changed 13 years ago by Jason Huggins

comment:1 Changed 13 years ago by Adrian Holovaty

Status: newassigned

comment:2 Changed 13 years ago by Adrian Holovaty

Resolution: fixed
Status: assignedclosed

(In [684]) Fixed #550 -- Default admin template now checks user permissions, hiding apps/modules/actions for which the user doesn't have permissions. Thanks, Jason Huggins

comment:3 Changed 13 years ago by Jason Huggins

adrian wrote: "Thanks, Jason Huggins"

Thank you, adrian. And all the Django users who can no longer see things that they're not supposed to see thank you, too. :-)

Note: See TracTickets for help on using tickets.
Back to Top