I'm working on a sort of integrated email system where an
OutboundEmail can be sent to any number of Users. So naturally my
OutboundEmail model has an m2m relationship to User.
Today I've been fiddling with permissions on the User model. To my
amazement I need "change" permissions on OutboundEmail to be able to
delete Users... even though I have "delete" permissions on User.
Can somebody enlighten me as to why this is? The actual piece of code
that causes this behavior is commented (django/contrib/admin/views/
main on line 491):
# If there were related objects, and the user doesn't have
# permission to change them, add the missing perm to perms_needed.
if related.opts.admin and has_related_objs:
p = u'%s.%s' % (related.opts.app_label,
related.opts.get_change_permission())
if not user.has_perm(p):
pass
#perms_needed.add(related.opts.verbose_name)
I can see a use for this in case of non-nullable Foreign keys, but
certainly no m2m's. And why not check for delete permission instead of
change permission if you want this kind of restriction?
I know it's only a one line hack to disable this, but I'd rather not
have a hacked copy in my project dir again.
Regards,
Simon
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
