I agree that this is currently possible in Django, I'm already using some of what you proposed:
- I've customized add, change and delete permissions of ModelAdmin to allow a user to manipulate only its own posts; - I've customized the queryset method to show only the allowed posts of a user. What I think Django is currently missing is the ability to show the model on the index page (/admin/) or in the app index (/admin/app/). I don't think this question should be asked on Django-users, the issue isn't how to solve this. I'm just thinking that this isn't the proper behaviour, and that's what I'm fighting for! =) If the user can see "some" of the instances of a model on "/admin/app/ model/" he should be able to get to the listing through the index pages on "/admin/" or "/admin/app/". What should I do? 1. Tell the user: go directly to this link "/admin/app/model/" because you don't have enough permissions to see the model listed on "/ admin/"? 2. Override "AdminSite.index" and "AdminSite.app_index" to honour the custom permissions? (That's what I've done) 3. Give the user permission to edit "every" instance of a blog post? If I give the user the permissions, he'll be able to edit other's posts. I can block this using custom permissions on ModelAdmin, but another admin application on the same project would allow access on unauthorized content. Please forgive me if I'm being picky, I just want to contribute. Best regards, Enrico --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
