Opened 18 years ago

Closed 15 years ago

Last modified 6 years ago

#820 closed New feature (duplicate)

Add "view" permission to compliment add/change/delete

Reported by: kayos@… Owned by: Adrian Holovaty
Component: contrib.admin Version: dev
Severity: normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

This small patch adds a "view" permission to compliment the add/change/delete permissions. A user with this permission will be able to see the admin display_list for an object (django.contrib.admin.views.main.change_list).

It doesn't implement a view_stage(). It would be less trivial to add a sort of read-only version of change_stage/add_stage.

One use case for this feature would be letting users see a list of objects even though they couldn't change them. Another would be letting a user who has add permission (but not change or delete) to see that their object got added.

Attachments (1)

view_permission_patch_1.patch (4.2 KB ) - added by kayos@… 18 years ago.

Download all attachments as: .zip

Change History (14)

by kayos@…, 18 years ago

comment:1 by anonymous, 18 years ago

Summary: "view" permission to compliment add/change/delete[patch] "view" permission to compliment add/change/delete

comment:2 by T.R. Fullhart <kayos@…>, 18 years ago

Version: SVN

comment:3 by Jacob, 18 years ago

Resolution: wontfix
Status: newclosed

This is out of the scope of the admin (you can easily use a generic view on the public site, or use a very simple custom view inside the admin).

comment:4 by jacmkno, 15 years ago

Triage Stage: UnreviewedDesign decision needed

Why is it out of the scope? I think it couldn't be more on the scope.
This feature is an extremely common requirement for any kind of information management application.
If it is that simple, Django should come with a view only permission by default.
I think this should be discussed a little bit more before being disregarded.

comment:5 by gunzip, 15 years ago

I know there has been a long thread around this. These words, which are not mine, summarize it well:

"""There are workarounds, but this is going to surface in more and more projects.
Lets get a solution for this (whatever it is) and implement it in Django instead of everybody implementing workarounds"""

Moreover this workarounds are not documented. I still don't know how to cope with the well know issue with
"raw_id" change_list popup (that still needs CHANGE rights on the target model).

Let's face this: at the current (amazing) level of customization the "admin" interface serves not only "admin" users.
It's frustrating to be answered "write your own admin backend from scratch if you need view permissions".

I guess probably 99% of current django users needs this functionality more than before, please consider to reopen this.

comment:6 by ben@…, 15 years ago

Resolution: wontfix
Status: closedreopened

I couldnt agree more. I have been a happy django convert for the last 4 months. I just started writing a very basic document library area into the admin area. Logging in as admin i can add, delete and change a file in the list. Next step... add a test user to represent a member of staff that is able to view any document uploaded, but is unable to add their own. To my absolute surprise there are no view permissions to be found.

I think it is ridiculous that this feature is being disregarded as a 'non admin' issue.

comment:7 by Russell Keith-Magee, 15 years ago

Resolution: wontfix
Status: reopenedclosed

The Admin site is, as the name suggests, for _administration_. As Jacob noted, It isn't intended to be the public facing part of your website.

As a matter of process, if you disagree with a wontfix decision from one of the core team, you don't just reopen the ticket - you start a discussion on Django developers.

comment:8 by naktinis@…, 11 years ago

Easy pickings: unset
UI/UX: unset

We need view permissions also because we have different levels of admins. So we want to be able to say: user A can modify field X on this model and read all other fields, user B can modify fields X and Y and read X, Y, and Z etc. Does having customizable permissions (admin levels) really not make sense?

comment:9 by anonymous, 11 years ago

I'd really like to see this done! I want to give readonly admin accounts to interns, designers, developers, sales reps and sales prospects, because I want them to be able to see the admin interface of a live system.

comment:10 by anonymous, 11 years ago

4 shizzle

comment:11 by Mike Lissner, 11 years ago

I'd like to see this too. We have interns that need to do development, but since our data is so complex, it's difficult for them to get a good sample database set up on their development machine. If they could simply peek into the live system it'd be very valuable. I was looking at the deprecation notes for the dataview module, and they suggested that we might add its functionality to admin. Would be great to get that idea going again. Seems to be a fairly simple and often requested feature.

comment:12 by Tim Graham, 11 years ago

#8936 is the open ticket for adding databrowse-like functionality to the admin. This ticket is closed.

comment:13 by Tim Graham, 6 years ago

Resolution: wontfixduplicate
Summary: [patch] "view" permission to compliment add/change/deleteAdd "view" permission to compliment add/change/delete
Type: enhancementNew feature

This is fixed in #8936 so changing resolution to "duplicate" rather than "wontfix".

Note: See TracTickets for help on using tickets.
Back to Top