How object permissions work in the admin is also a bit of an undocumented surprise. You need 'change_*' on the model, not just on a specific object in order to to be able to do just about anything at all. 'delete_selected` cannot check for object permissions etc.
I just started using django-guardian and it's the first time ever (in ten years) I've needed to write my own subclass of ModelAdmin. Its get_queryset() checks for whether the user has access to an object directly via an object permission, but it also calls an optional method since I try to use as few object permission as possible. The plan is that if you have access to, say, a bookcase, you have the same access to all the books therein without being explicit about it, with the usual caveat about lousy analogies being lousy. On Thu, 8 Nov 2018 at 11:55, Tobias Bengfort <tobias.bengf...@posteo.de> wrote: > > On 08/11/2018 11:43, Carlton Gibson wrote: > > My only concern thus far is bringing out the change well enough in the > > release notes and docs. > > (Split between the two PRs I'm not sure it quite does that.) > > My impression is that authentication backends and object permissions > have already been underdocumented before these changes. I would like to > help improving the documentation in general. However, the content and > structure of the documentation could be very different depending on > which of my changes get accepted. So my idea was to rework the > documentation afterwards. > > tobias > > -- > You received this message because you are subscribed to the Google Groups > "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/0dd42320-0761-ef5d-4877-9aba8b814134%40posteo.de. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CACQ%3Drrc%2B47aKUQO29cNWo%2BNwDAKDXcNF8i976C2%3Dv7mYwS3X9g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
