#8060: Admin Inlines do not respect user permissions
-------------------------------------+-------------------------------------
Reporter: | Owner: dgouldin
p.patruno@… | Milestone:
Status: new | Version: SVN
Component: | Keywords: inlines User
django.contrib.admin | authentication
Resolution: | Has patch: 0
Triage Stage: Design | Needs tests: 0
decision needed |
Needs documentation: 0 |
Patch needs improvement: 0 |
-------------------------------------+-------------------------------------
Comment (by anonymous):
I've just been bitten by this too, and have had to write a series of
separate views to reimplement this part of the admin.
In a way I'mg glad though because I realise my assumptions about how
model-based permissions work were wrong. I had thought that adding
permissions actually altered the model save() and delete() methods in some
way – introducing the authentication check there. Is there a reason why
that isn't a more appropriate place to do this kind of permission
checking? Otherwise it feels like one is always dependent on the admin not
to have bugs which mean the permissions aren't respected properly.
--
Ticket URL: <http://code.djangoproject.com/ticket/8060#comment:10>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
