[patch] Modify admin site to remove apps, modules, actions that the user does not have permissions for.
|Reported by:||Jason Huggins||Owned by:||Adrian Holovaty|
|Severity:||normal||Keywords:||admin UI permissions|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In the current Django admin site, if a user doesn't have permissions to certain apps or modules within Django, the user can still see the entire list of apps, modules, and actions (add and change). The user only finds out that they don't have permission to do something if they follow one of the "add" or "change" links for that module and get a "Permission Denied" page in response.
This patch fixes the admin view so a user can only see modules and actions they have permissions for.