[Django] #29475: Only the change permission allows reading data
5 views
Skip to first unread message
Django
Jun 6, 2018, 5:33:15 AM6/6/18
to django-...@googlegroups.com
#29475: Only the change permission allows reading data
-------------------------------------+-------------------------------------
Reporter: James | Owner: nobody
Howe |
Type: Bug | Status: new
Component: | Version: 1.11
contrib.admin | Keywords: securoty
Severity: Normal | permissions
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
This is a big problem as there's no separate view permission.
-------------------------------------+-------------------------------------
Reporter: James | Owner: nobody
Howe |
Type: Bug | Status: new
Component: | Version: 1.11
contrib.admin | Keywords: securoty
Severity: Normal | permissions
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
This is a big problem as there's no separate view permission.
I want a set of admins to be able to view and delete objects, but not edit
or add new ones.
However, if only the delete permission is given, there's no way to find or
list the objects in the first place.
--
Ticket URL: <https://code.djangoproject.com/ticket/29475>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Jun 6, 2018, 5:37:25 AM6/6/18
to django-...@googlegroups.com
#29475: Only the change permission allows reading data
-------------------------------------+-------------------------------------
Reporter: James Howe | Owner: nobody-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: contrib.admin | Version: 1.11
Severity: Normal | Resolution:
Keywords: security | Triage Stage:
permissions | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* keywords: securoty permissions => security permissions
--
Ticket URL: <https://code.djangoproject.com/ticket/29475#comment:1>
Django
Jun 6, 2018, 10:06:31 AM6/6/18
to django-...@googlegroups.com
#29475: Only the change permission allows reading data
-------------------------------------+-------------------------------------
-------------------------------------+-------------------------------------
Reporter: James Howe | Owner: nobody
Type: Bug | Status: closedComponent: contrib.admin | Version: 1.11
Severity: Normal | Resolution: duplicate
Keywords: security | Triage Stage:
permissions | Unreviewed
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => duplicate
Comment:
Duplicate of #8936 (fixed in Django 2.1).
--
Ticket URL: <https://code.djangoproject.com/ticket/29475#comment:2>
Reply all
Reply to author
Forward
0 new messages