Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#636 closed enhancement (invalid)

Restrict editing of records to owner or person with certain role.

Reported by: jhf@… Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords: ownership
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Steps for owner handling

Connect owner to permission

A model with an OwnerField() that implicitly references the user table.
The OwnerField() records the creator of a record, and maps to the special
role 'owner', that can be used as a permission.

Restrict editing and listing to certain role

Allow a META field that provides additional permissions to roles, including the special role
'owner'. For instance
permissions = [('add','all'),(['list','edit'],'owner'),('delete','admin')]
such that a all users can add a record, and they can only list and edit their own records,
and only admins can delete the record.
If the role 'owner' is used, the model must have an OwnerField().

Change History (2)

comment:2 Changed 10 years ago by jacob

  • Resolution set to invalid
  • Status changed from new to closed

I'm going to close this ticket in favor of the discussion on django-developers since this problem is far more complicated than it appears at the first glance.

Note: See TracTickets for help on using tickets.
Back to Top