Opened 16 years ago

Closed 15 years ago

Last modified 13 years ago

#8146 closed (invalid)

Admin doesn't consider custom permission methods when displaying index page

Reported by: rfugger@…
Owned by: nobody
Component: Contrib apps
Version: dev
Severity:
Keywords: admin permissions
Cc:
Triage Stage: Design decision needed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

I have a ModelAdmin subclass that overrides has_*_permission(), but doesn't display when it should because the admin app index page view only checks those methods if user.has_module_perms(app_label) is True. It should always check them, regardless of whether ordinary permissions are present in the database.

Attachments (1)

sites.py.diff (2.5 KB) - added by Ryan Fugger 16 years ago.
Removes has_module_perms check, and unindents the following code block.


Change History (11)

by Ryan Fugger, 16 years ago

Attachment: sites.py.diff added


comment:1 by Ryan Fugger, 16 years ago

Has patch: set

comment:2 by Jeff Anderson, 16 years ago

milestone: 1.0
Triage Stage: Unreviewed → Design decision needed

comment:3 by James Bennett, 16 years ago

Resolution: invalid
Status: new → closed

It feels like this is asking for a way to say something contradictory: you want to tell Django that the user has no permissions for the app, but you also want to tell Django that the user does have some permissions for the app.

comment:4 by Ryan Fugger, 16 years ago

Resolution: invalid
Status: closed → reopened

The standard permissions can only give access to all of the records or none of them. How to indicate that a user can edit *some* records -- his own articles, for example?

comment:5 by Jacob, 16 years ago

Resolution: invalid
Status: reopened → closed

Agreed with James (ubernostrum); this isn't what the permissions system is designed for.

Also, as a general rule, please don't reopen tickets marked invalid/wontfix; take it up on django-dev if you disagree.

comment:6 by Ryan Fugger, 16 years ago

How should I implement this functionality in an admin site then?

(Sorry about the re-open -- just trying to make things easier for you.)

comment:7 by anonymous, 15 years ago

You mean the permissions system wasn't designed to do runtime checks to determine if the user has permission to perform an arbitrary action? What is it supposed to do then?

comment:8 by anonymous, 15 years ago

Resolution: invalid
Status: closed → reopened

Other than clutter up Google's search results, since it doesn't do what a permissions system typically does...

comment:9 by Alex Gaynor, 15 years ago

Resolution: invalid
Status: reopened → closed

Please don't reopen tickets closed by core committers (not 1 but 2); if you would like to further discuss this, please use the django-developers mailing list.

comment:10 by Jacob, 13 years ago

milestone: 1.0

Milestone 1.0 deleted
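
The gating reported in the ticket description, as a simplified stand-alone model added here (it is not Django's code and not the attached patch). All class and function names, the users and the registry are constructed for illustration, and only the change permission is modelled.

```python
# Simplified model of the index-page logic described in the ticket.
# Illustrative names only; this is not Django's implementation.
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    db_perms: set = field(default_factory=set)  # e.g. {"blog.change_article"}

    def has_module_perms(self, app_label):
        # True only if some database permission exists for this app
        return any(p.split(".")[0] == app_label for p in self.db_perms)


class ModelAdmin:
    def __init__(self, app_label, model_name):
        self.app_label, self.model_name = app_label, model_name

    def has_change_permission(self, user):
        # Default rule: look the permission up in the database-backed set
        return f"{self.app_label}.change_{self.model_name}" in user.db_perms


class OwnArticlesAdmin(ModelAdmin):
    # Custom runtime rule (constructed): listed authors may edit articles
    authors = {"alice"}

    def has_change_permission(self, user):
        return user.name in self.authors or super().has_change_permission(user)


def index_models(user, registry, gate_on_module_perms=True):
    """Return the model names the index page would list for this user."""
    visible = []
    for admin in registry:
        # Reported behaviour: the per-model hooks are consulted only after
        # the app-level database check has already passed.
        if gate_on_module_perms and not user.has_module_perms(admin.app_label):
            continue
        if admin.has_change_permission(user):
            visible.append(admin.model_name)
    return visible


REGISTRY = [OwnArticlesAdmin("blog", "article"), ModelAdmin("blog", "comment")]
alice = User("alice")                        # no database permissions at all
bob = User("bob", {"blog.change_comment"})   # one ordinary permission
```

With the gate on, `alice` sees nothing even though her custom hook returns True; with the gate off (the change the reporter asks for) only `article` is listed for her, and `bob`'s view is the same either way.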
