On Thu, Aug 6, 2009 at 1:51 PM, Enrico <[email protected]> wrote: > > I came across the situation described on the ticket #8146 [1], I've > changed the permissions for a model allowing the user to access only > certain instances of a model. > > As I don't want to give the user access to all objects, I've extended > the `AdminSite`, changing the `index` view to ignore > `user.has_module_perms` and check only the > `model_admin.get_model_perms` method. > > The main problem is that I can control the permissions but I can't get > the user to the models. > > Maybe the `user.has_module_perms` could be replaced by a method on the > `AdminSite` for easier customization. > Or the `AdminSite.index` view should respect the custom permissions. > > I think that the same concept applies to `AdminSite.app_index`. > > [1] http://code.djangoproject.com/ticket/8146 >
I am really confused here, so forgive me for asking a stupid question. Why don't you just grant the user module_perms? Then you can limit there access to that module. There is nothing saying that if you give a user module permissions, they need to have access to everything in that module. It should save you on a lot of subclassing as well It sounds like you are saying "I don't want this user to have access to * anything* on this module" by refusing to give them permissions on the module and then going and saying they should have access to some of the models. Sounds contradictory to me. Maybe I am missing something obvious, please correct me if I am, Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
