Thanks for the comment! I really do think that this "backends ready && included" parts of Django are extremely useful (and fun to extend if needed).
About the admin, I haven't really get into admin integration yet as I cannot answer this: should user with "flatpages.change_flatpage" permission for flatpage instance be able to edit it at admin if he/she doesn't have "flatpage.change_flatpage" global permission? I'm just stuck here - I suppose it would be good to "turn off" ability to change some objects for user with this global "app.change_obj" permission removal. On the other hand, wouldn't it be too much to give such global permission for user if we intend to allow him/her to change only single object? Am not sure if I should start such discussion here but I just couldn't resist :) On 4 Sie, 01:34, Russell Keith-Magee <russ...@keith-magee.com> wrote: > On Wed, Aug 4, 2010 at 7:20 AM, lukaszb <lukaszbalcer...@gmail.com> wrote: > > Hi all, > > > I'd like to announce django-guardian - very basic yet usable per > > object permissions > > implementation for Django 1.2, using new authorization backend > > facilities. > > > It was created during 2 days sprint, code have been released and may > > be found athttp://github.com/lukaszb/django-guardian/. > > Documentation is available athttp://packages.python.org/django-guardian/. > > > Currently I think there should be better integration with admin app > > and some shortcuts (permission assignment/removal) > > should support table-level permissions as well. > > > If you spot a bug or have an idea how to improve this little app, > > please spare a minute at issue tracker, which is located at > >http://github.com/lukaszb/django-guardian/issues. > > > Hope someone would find this useful. > > > Take care, > > Lukasz > > Hi Lukasz, > > Great stuff! Thanks for taking the effort to implement this and put it > out in the open. It's a fantastic example of the sort of thing that > can be very useful without needing to be part of core, which is the > reason that we put the object-based permissions API into the auth > backends. > > Regarding admin app integration -- integration of object-level > permissions with the admin app is one area where I am aware there are > some bugs (or, at least, some areas where the object-based permissions > API isn't being used as it should). This aspect of Django's admin > could do with some attention, so if your experience of implementing an > object-based permissions backend has you contemplating a bigger > project, auditing the admin for adherence to object-based permissions > could be an interesting candidate. > > Yours, > Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
