Restrict editing of records to owner or person with certain role.
|Reported by:||jhf@…||Owned by:||adrian|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Steps for owner handling
Connect owner to permission
A model with an OwnerField() that implicitly references the user table.
The OwnerField() records the creator of a record, and maps to the special
role 'owner', that can be used as a permission.
Restrict editing and listing to certain role
Allow a META field that provides additional permissions to roles, including the special role
'owner'. For instance
permissions = [('add','all'),(['list','edit'],'owner'),('delete','admin')]
such that a all users can add a record, and they can only list and edit their own records,
and only admins can delete the record.
If the role 'owner' is used, the model must have an OwnerField().