Re: view permission for contrib.admin

2013-01-16 Thread Marc Aymerich
I also had to implement view permissions on admin, and in my opinion, the worst thing about implementing full support for view permissions is that you have to **copy & paste all of change_view and changelist_view** just to change one conditional: if not self.has_change_permission(request, obj):

Re: view permission for contrib.admin

2013-01-15 Thread Jonas Obrist
For what it's worth, I'd love to see this in core too. My use case was for DjangoCon Europe where admins were allowed to see ticket info, but only "super admins" were allowed to change them as changes likely had an impact on payments etc too (read PayPal). The solution was that everyone had chang

Re: view permission for contrib.admin

2013-01-12 Thread Liang
Just ran into this old thread because of a similar situation: created_by, created_on, etc. Just got me thinking, if the database has permissions for CRUD, why does the admin site only have CUD? To say the site is for admin only may not be correct. After all, the admin site will manage normal user's permission

Re: view permission for contrib.admin

2008-12-18 Thread Yuri Baburov
On Fri, Dec 19, 2008 at 1:44 AM, Jacob Kaplan-Moss wrote: > > On Thu, Dec 18, 2008 at 11:38 AM, gert wrote: >> 1) On a technical level there is a design flaw in the fact that the >> ADD and DELETE permissions depend on the CHANGE permission. > > Really, no, there's not. The fact that you disagre

Re: view permission for contrib.admin

2008-12-18 Thread alex.gay...@gmail.com
On Dec 18, 1:25 pm, "Jacob Kaplan-Moss" wrote: > On Thu, Dec 18, 2008 at 10:35 AM, christian schilling > > wrote: > > maybe changelist views should not check permissions at all, by default. > > If you think about this a bit you'll realize why this is a very, very > bad idea. I can think of at l

Re: view permission for contrib.admin

2008-12-18 Thread christian schilling
2008/12/18 Jacob Kaplan-Moss > > On Thu, Dec 18, 2008 at 10:35 AM, christian schilling > wrote: > > maybe changelist views should not check permissions at all, by default. > > If you think about this a bit you'll realize why this is a very, very > bad idea. I can think of at least three reasons.

Re: view permission for contrib.admin

2008-12-18 Thread gert
> add/delete are spin-offs of that
I can't argue about that add/delete is a form of change :)
> popularity contest
It is most certainly not that, it is about business and making money. I have been in software development for 15 years now and on more than one occasion we had to stop using a develo

Re: view permission for contrib.admin

2008-12-18 Thread Jacob Kaplan-Moss
On Thu, Dec 18, 2008 at 11:38 AM, gert wrote: > 1) On a technical level there is a design flaw in the fact that the > ADD and DELETE permissions depend on the CHANGE permission. Really, no, there's not. The fact that you disagree with the design doesn't mean it's a "design flaw." Put it this way

Re: view permission for contrib.admin

2008-12-18 Thread gert
Jacob, the suggestion you made will most definitely work and I have no problem implementing it like that. I have to go that route no matter what the outcome of this discussion because it must be done in a couple of days :) I raised the view permission issue primarily because: 1) On a technical l

Re: view permission for contrib.admin

2008-12-18 Thread Jacob Kaplan-Moss
On Thu, Dec 18, 2008 at 10:35 AM, christian schilling wrote: > maybe changelist views should not check permissions at all, by default. If you think about this a bit you'll realize why this is a very, very bad idea. I can think of at least three reasons. > I solved this, as you said, by using a M

Re: view permission for contrib.admin

2008-12-18 Thread christian schilling
2008/12/18 Jacob Kaplan-Moss > > To get back to the original question, you can do this right now with a > bit of custom admin code. Take a look at > ``ModelAdmin.has_change_permission`` -- you can override this method > to control exactly what the definition of "can change" is for a > particular

Re: view permission for contrib.admin

2008-12-18 Thread Jacob Kaplan-Moss
Guys, watch it. Colin and gert, y'all are allowed to disagree, but the tone here is deteriorating and that's not okay. Keep things professional, please. To get back to the original question, you can do this right now with a bit of custom admin code. Take a look at ``ModelAdmin.has_change_permissi

Re: view permission for contrib.admin

2008-12-18 Thread christian schilling
2008/12/18 Collin Grady > > Admin is for admins. Not limited users. > then why does it have permissions at all?

Re: view permission for contrib.admin

2008-12-18 Thread Collin Grady
On Thu, Dec 18, 2008 at 8:30 AM, gert wrote: > Which was definitely what was intended on day one when the CHANGE, > ADD, DELETE permissions were created. Says you. Admin is for admins. Not limited users. Write your own views. -- Collin Grady

Re: view permission for contrib.admin

2008-12-18 Thread gert
I agree, if you run a small site with only 1 administrator you don't need a VIEW permission. But if you have 10 junior journalists, 3 senior journalists and an editor it is slightly different. They are all administrators but not all of them should have CHANGE permissions, some must just have ADD

Re: view permission for contrib.admin

2008-12-18 Thread Yuri Baburov
My argumentation: 1) I'd like to have a solution to allow my users to see their objects with the admin interface. 2) I'd like to have this built-in because a) there's no simple way to do this manually without patching django, b) there's no such solution ready and because c) such solution implemen

Re: view permission for contrib.admin

2008-12-18 Thread Ludvig Ericson
On Dec 18, 2008, at 09:12, gert wrote: > Your thoughts on this? The Django book, for example, clearly states that the admin is for administrators. Nothing less. - Ludvig

Re: view permission for contrib.admin

2008-12-18 Thread koos
I must agree, a view permission will definitely bring a lot more flexibility to Django. Every permission system I can think of has a concept of view/read only. I come from a Zope/Plone background and their permission system is without a doubt one of the major reasons for their rapid uptake. (Mayb

view permission for contrib.admin

2008-12-18 Thread gert
We have a very common situation where we have junior administrators that are only allowed to ADD news items and higher level admins that can CHANGE/DELETE them. Without a view permission it is not possible to do this, you have to give CHANGE rights to everybody (They must be able to see the list