[Django] #34055: InlineModelAdmin and permissions on the instances shown in the in-line

5 views
Skip to first unread message

Django

unread,
Sep 27, 2022, 6:52:06 AM9/27/22
to django-...@googlegroups.com
#34055: InlineModelAdmin and permissions on the instances shown in the in-line
-------------------------------------+-------------------------------------
Reporter: Jonas | Owner: nobody
Vacek |
Type: New | Status: new
feature |
Component: | Version: dev
contrib.admin | Keywords: Admin, Inline,
Severity: Normal | Permissions
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
https://docs.djangoproject.com/en/4.1/ref/contrib/admin/#django.contrib.admin.InlineModelAdmin.has_change_permission

As documented above, the `has_{xyz}_permission()` functions are referring
to the parent `obj`.

As far as I can tell, there's no method currently available change the
permissions on each instance inside of an inline.

to help visualise what I'm aiming for, here is a screenshot with an
implemented work-around that overrrides the default form of the in-line

[[Image(https://i.imgur.com/Aatfblj.png)]]
The work-around is not perfect, as it just changes the `<input>`
attributes on the form, and changes will not be rejected in any way, but
it gives the visual idea. The above is achieved with the following

{{{
class MyInlineForm(ModelForm):
def __init__(self, *args, **kwargs):
super(MyInlineForm, self).__init__(*args, **kwargs)
instance = getattr(self, "instance", None)
if (
instance
and instance.id
and (instance.my_permission_function())
):
for field in self.fields:
self.fields[field].widget.attrs["readonly"] = True
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34055>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Sep 28, 2022, 6:06:29 AM9/28/22
to django-...@googlegroups.com
#34055: InlineModelAdmin and permissions on the instances shown in the in-line
-------------------------------------+-------------------------------------
Reporter: Jonas Vacek | Owner: nobody
Type: New feature | Status: closed
Component: contrib.admin | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: Admin, Inline, | Triage Stage:
Permissions | Unreviewed
Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

* status: new => closed
* resolution: => wontfix


Comment:

Implementing the backend for object-level permissions is out-of-scope for
Django itself. (See #29918 and linked discussions and PRs)

Third-party packages allow for this: django-guardian, django-rules, and
others.

--
Ticket URL: <https://code.djangoproject.com/ticket/34055#comment:1>

Reply all
Reply to author
Forward
0 new messages