In case anyone was wondering; I created a ticket in the Django bug
tracker and _finally_ got a response from telenieko - thanks!
quote:
I'd guess this would either mean:
* Field/Row level permissions, which are not (yet) implemented.
* Provide more fine-grained permissions.
So, it's not really a bug, but a feature request. You could say it's a
gotcha if you wish ;)
I'll mark this post-1.0; But it's likely to die as "invalid" and maybe
opened as "Provide finer control in contrib.auth" when the above gets
implemented ;)
unquote.
So, here's hoping it's not at the bottom of the list!
09/01/08 10:38:23 changed by caphun ¶
On Aug 31, 9:17 pm, Ca Phun Ung <[EMAIL PROTECTED]> wrote:
> Hello fellow Djangonauts,
>
> I hit a problem with user permissions within the Django admin area. The
> other day I gave a user add/edit/delete user permissions so that they
> could manage staff access on the websites. However, in doing this that
> particular user is now able to create other users with greater
> permissions than himself, even promoting others to superuser status.
> Furthermore that user could also turn himself super by editing his own
> profile. Has anyone come across this problem? Is there a workaround? I
> assume there is a way to lock user permissions so one cannot promote
> oneself or others beyond ones allocated permission level?
>
> Thanks.
>
> -- Ca-Phun Ung
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
