It's a common fact that the admin interface is awesome, but if a user has
edit permissions on an object class, they can edit all objects of that
class. It obviously sucks.

OK, there is the "row level permission" branch, but generally we don't need
all this stuff... it's simpler.

Let's go to an example: consider a model class with an owner param that
represents the user who created the object, for example, using this
recipe:

http://code.djangoproject.com/wiki/CookBookThreadlocalsAndUser

Consider the simple requirement: only the owner and an admin can edit content.

If you use the admin interface, it can be done easily with a simple
has_perm method in the model class that takes the permission codename and
the request as parameters. The possibilities are unlimited for the developer.

The admin interface could simply call this method before presenting the
change form, add form, etc.

The example code:

from django.contrib.auth.models import User
from django.db import models

class Foo(models.Model):
    name = models.CharField(maxlength=100)
    owner = models.ForeignKey(User)

    # Proposed hook: the admin would call this before showing the change/add forms.
    def has_perm(self, perm, request):
        if perm == 'change_foo':
            # Only the owner or a superuser may change this object.
            return self.owner == request.user or request.user.is_superuser
        return super(Foo, self).has_perm(perm, request)

This is an enhancement idea, but it can be done with several types of
implementation.

Regards and merry Christmas,
Manuel Saelices
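
The hook proposed in the message above, as a runnable plain-Python example added here (not part of the original message and not Django's API). `Model`, `Request`, `change_view` and `changelist` are hypothetical stand-ins, and the example goes slightly beyond the message by enforcing the check on save (POST) and when listing objects, not only before presenting the form.

```python
# Added illustration: plain-Python stand-ins, not Django's real classes.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    is_superuser: bool = False
    perms: frozenset = frozenset()  # class-level permission codenames


@dataclass
class Request:
    user: User
    method: str = "GET"


class Model:
    def has_perm(self, perm, request):
        # Default behaviour: the existing class-level permission check.
        return request.user.is_superuser or perm in request.user.perms


@dataclass
class Foo(Model):
    name: str
    owner: User

    def has_perm(self, perm, request):
        if perm == "change_foo":
            # Per-object rule from the message: owner or superuser only.
            return self.owner == request.user or request.user.is_superuser
        return super().has_perm(perm, request)


def change_view(obj, request, new_name=None):
    """Hypothetical admin view: returns an HTTP-style status code."""
    # Check before showing the form AND before saving; a check made only
    # on GET would let a hand-crafted POST bypass the ownership rule.
    if not obj.has_perm("change_foo", request):
        return 403
    if request.method == "POST":
        obj.name = new_name
    return 200


def changelist(objects, request):
    """Hypothetical list view: show only objects the user may change."""
    return [o for o in objects if o.has_perm("change_foo", request)]
```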

