[Django] #17430: Clearly document the permissions model for the Django admin interface
Django
-------------------------------+--------------------
Reporter: ncoghlan@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.3
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
The current auth docs aren't particularly clear on *exactly* what is
needed to support the Django admin with a custom backend. Specifically, I
had to do a lot of digging and experimentation to work out adequate
settings for a User to be able to:
1. Access the admin pages at all (i.e. is_active + is_staff)
2. Actually edit the model data (through trial and error, I know that
is_active + is_staff + is_super works, but I don't know if there are any
other ways to achieve the same thing).
--
Ticket URL: <https://code.djangoproject.com/ticket/17430>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.3
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Changes (by kmtracey):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
Could you say a bit more about where you looked and found docs lacking?
This bit: https://docs.djangoproject.com/en/1.3/topics/auth/#writing-an-
authentication-backend does mention that "The Django admin system is
tightly coupled to the Django User object described at the beginning of
this document. For now, the best way to deal with this is to create a
Django User object for each user that exists for your backend (e.g., in
your LDAP directory, your external SQL database, etc.)" implying to use
admin with a custom auth backend you still do want to be using standard
django.contrib.auth Usesr objects, with all their attributes.
The descriptions for is_staff, is_active, is_superuser
(https://docs.djangoproject.com/en/1.3/topics/auth/#django.contrib.auth.models.User.is_staff)
all mention how admin uses them.
https://docs.djangoproject.com/en/1.3/topics/auth/#permissions describes
how admin uses permissions to control how much access a user has to
individual models in the admin site.
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:1>
Django
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.3
Keywords: | Triage Stage: Unreviewed
Comment (by ncoghlan@…):
The problem is that they're scattered, so it's hard to be sure you've
covered everything. What happened to me was that I had a bug in my auth
backend, such that "is_staff" and "is_superuser" weren't being set
correctly (they were always False). Initially I assumed I had missed
something, so I was scouring the docs trying to work out what I had
missed. It was only after convincing myself that I had actually found all
the relevant pieces that I took a closer look at my own code and uncovered
the bug.
A simple list of bullet points in the Custom Auth Backend section would
have steered me in the right direction straight away (because I would have
known I had covered everything, and hence I simply had a bug in the code I
had already written rather than missing a step). With appropriate links to
the specific sections, something like the following would make it crystal
clear what you need to do to link the two together:
"To use the Django admin system with a custom authentication backend, the
custom backend must do at least the following:
- create Django User objects for any users that need to access the Django
admin system
- ensure "is_active" is set for each of those users
- ensure that either "is_superuser" (for full access) or "is_staff" and
the appropriate permissions (for limited access) are set for each of those
users"
(That would probably replace the current sentence on the topic, since the
two cover the same ground)
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:2>
Django
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.3
Keywords: | Triage Stage: Accepted
Changes (by kmtracey):
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:3>
Django
Reporter: ncoghlan@… | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version: 1.3
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Changes (by aaugustin):
* type: Uncategorized => New feature
* component: Uncategorized => Documentation
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:4>
Django
Reporter: ncoghlan@… | Owner: Maria Hynes
Type: New feature | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Changes (by Maria Hynes):
* owner: nobody => Maria Hynes
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:5>
Django
Reporter: ncoghlan@… | Owner: Maria Hynes
Type: New feature | Status: assigned
Component: Documentation | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Changes (by Maria Hynes):
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:6>
Django
Reporter: ncoghlan@… | Owner: Maria Hynes
Type: New feature | Status: assigned
Component: Documentation | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Changes (by Sarah Boyce):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:7>
Django
Reporter: ncoghlan@… | Owner: Maria Hynes
Type: New feature | Status: assigned
Component: Documentation | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Changes (by Sarah Boyce):
interface =>
Document access to the Django admin interface when using a custom
backend
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:8>
Django
| Hynes
Type: New feature | Status: assigned
Component: Documentation | Version: 1.3
Severity: Normal | Resolution:
| checkin
Changes (by Sarah Boyce):
* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: ncoghlan@… | Owner: Maria
| Hynes
Component: Documentation | Version: 1.3
Severity: Normal | Resolution: fixed
| checkin
Has patch: 1 | Needs documentation: 0
Changes (by Sarah Boyce <42296566+sarahboyce@…>):
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"7e759d9af714b4db6735f7e53f62a5933a6260b8" 7e759d9]:
{{{#!CommitTicketReference repository=""
revision="7e759d9af714b4db6735f7e53f62a5933a6260b8"
Fixed #17430 -- Documented access to the Django admin when using a custom
auth backend.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: ncoghlan@… | Owner: Maria
| Hynes
Type: New feature | Status: closed
Component: Documentation | Version: 1.3
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Comment (by Sarah Boyce <42296566+sarahboyce@…>):
In [changeset:"c387d86882817fe007e1b217e9f6bc62ff513693" c387d86]:
{{{#!CommitTicketReference repository=""
revision="c387d86882817fe007e1b217e9f6bc62ff513693"
[5.1.x] Fixed #17430 -- Documented access to the Django admin when using a
custom auth backend.
Backport of 7e759d9af714b4db6735f7e53f62a5933a6260b8 from main.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/17430#comment:11>