Code

Opened 6 years ago

Closed 5 years ago

Last modified 3 years ago

#9036 closed (fixed)

Discrepancy in admin permissions

Reported by: anonymous Owned by: manuq
Component: contrib.admin Version: 1.0
Severity: Keywords: pycamp2009
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

in django.contrib.admin.sites.AdminSite.index permissions are calculated like so:

                perms = {
                    'add': model_admin.has_add_permission(request),
                    'change': model_admin.has_change_permission(request),
                    'delete': model_admin.has_delete_permission(request),
                }

but then in django.contrib.admin.sites.AdminSite.app_index permissions are done like this:

                    perms = {
                        'add': user.has_perm("%s.%s" % (app_label, model._meta.get_add_permission())),
                        'change': user.has_perm("%s.%s" % (app_label, model._meta.get_change_permission())),
                        'delete': user.has_perm("%s.%s" % (app_label, model._meta.get_delete_permission())),
                    }

Personally I perfer the way that index does it, but either way, it just needs to be standardized so we don't have different pages giving different results.

Attachments (2)

sites.diff (1001 bytes) - added by leanmeandonothingmachine 6 years ago.
9036-index_perms_discrepancy.diff (954 bytes) - added by manuq 5 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 6 years ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Changed 6 years ago by leanmeandonothingmachine

comment:2 Changed 6 years ago by leanmeandonothingmachine

  • Has patch set

comment:3 Changed 5 years ago by jacob

  • milestone set to 1.1
  • Triage Stage changed from Unreviewed to Accepted

comment:4 Changed 5 years ago by jacob

The way index does it is correct and should be used in both cases.

comment:5 Changed 5 years ago by manuq

  • Keywords pycamp2009 added
  • Owner changed from nobody to manuq

Changed 5 years ago by manuq

comment:6 Changed 5 years ago by manuq

The patch attached should do it.

comment:7 Changed 5 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r10451

comment:8 Changed 3 years ago by jacob

  • milestone 1.1 deleted

Milestone 1.1 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.