#11154: Inconsistency with permissions for proxy models
-------------------------------------+-------------------------------------
     Reporter:  Dave Hall            |                    Owner:  Arthur Rio
         Type:  Bug                  |                   Status:  assigned
    Component:  contrib.auth         |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:  proxy contenttype    |             Triage Stage:  Accepted
                permission           |
    Has patch:  1                    |      Needs documentation:  1
  Needs tests:  0                    |  Patch needs improvement:  1
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Arthur Rio):

 As mentioned on the [https://github.com/django/django/pull/10381 pull
 request], I moved away from my initial comment because:

 1. It's only a temporary fix and we would still need to address the bigger
    issue about how permissions are created for proxy models.
 2. It makes it actually more risky in terms of security as users with
    proxy permissions would suddenly be able to access the admin pages they
    couldn't see before (even though they should have been in the first
    place...)

 I think I'm pretty close to wrapping up the code changes and I'd love some
 feedback before I start writing up the docs and the release notes.

 You can check the [https://github.com/django/django/pull/10381 pull
 request] for more details about the current state of things and how this
 patch would impact permissions.

--
Ticket URL: <https://code.djangoproject.com/ticket/11154#comment:62>