Opened 13 years ago

Closed 13 years ago

Last modified 12 years ago

#636 closed enhancement (invalid)

Restrict editing of records to owner or person with certain role.

Reported by: jhf@… Owned by: Adrian Holovaty
Component: Core (Other) Version:
Severity: normal Keywords: ownership
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Steps for owner handling

Connect owner to permission

A model with an OwnerField() that implicitly references the user table.
The OwnerField() records the creator of a record, and maps to the special
role 'owner', that can be used as a permission.

Restrict editing and listing to certain role

Allow a META field that provides additional permissions to roles, including the special role
'owner'. For instance
permissions = [('add','all'),(['list','edit'],'owner'),('delete','admin')]
such that a all users can add a record, and they can only list and edit their own records,
and only admins can delete the record.
If the role 'owner' is used, the model must have an OwnerField().

Change History (2)

comment:2 Changed 13 years ago by Jacob

Resolution: invalid
Status: newclosed

I'm going to close this ticket in favor of the discussion on django-developers since this problem is far more complicated than it appears at the first glance.

Note: See TracTickets for help on using tickets.
Back to Top