Adding view permission by default to auth_permission


Ander Ustarroz

May 30, 2016, 2:13:18 PM
to Django users
I am surprised this feature is not implemented yet. At the moment, when we create a new model, three permissions are created automatically:
  • add_permission
  • change_permission
  • delete_permission
We are really missing the view_permission here, for when we want staff to be able to see the content but not be able to modify it. Searching a bit, you can find many different implementations to achieve this, but all of them extend django.contrib.admin.ModelAdmin. Having so many people rewriting these methods is, in my opinion, a clear sign that this feature should be part of the core.

Regards,

Akhil Lawrence

May 31, 2016, 2:25:26 PM
to Django users
Ander,

Please add your suggestion as a ticket in the Django ticketing system.

Derek

Jun 1, 2016, 5:59:47 AM
to Django users
My own observation, from years on this mailing list, is that the dev team do not consider this a must-have for Django; their view (as far as I understand it!) is that the admin is designed for trusted users, so simply do not let them have access at all. Having said that, there is a pull request underway for a feature that seems similar to what you want:

https://github.com/django/django/pull/5297

(P.S. Also bear in mind that Django, like most FOSS projects, is not actually a democracy - so something 'the people want' does not necessarily get done; not understanding this trips many people up...)

mmatt

Oct 27, 2016, 1:05:05 PM
to Django users
Derek,

In almost every context where view permission is discussed, that the admin does not need it is brought up as a reason. This confuses me a little. The permissions are not for the admin only, and they may be used for the actual application, right? So, is it assumed that people would add it, if needed? When I first came across it, I thought maybe it is not needed because, via the use of custom managers, non-viewable objects get filtered out and there is no need for permission testing.

Mehmet

mmatt

Oct 27, 2016, 1:05:05 PM
to Django users
On another note, I believe the Django dev team needs to understand life is rarely boolean. That is, even the staff that you trust, you don't always trust 100% :) Actually, you almost never trust 100%, so it is good to have options.

Mehmet

Luis Zárate

Oct 27, 2016, 6:24:18 PM
to django...@googlegroups.com
This is alive in

https://github.com/django/django/pull/6734

The other PR was closed because this one has no merge conflicts.

I think this functionality is needed and will be included soon.

--
"Utopia is for walking" Fernando Birri



Olivier Dalang

Oct 29, 2016, 7:51:12 AM
to django...@googlegroups.com

Indeed, I just have to squash the commits, then it can be merged. I'm out of office until next week but will do so when back.

Bests


Luis Zárate

Nov 10, 2016, 10:59:33 PM
to django...@googlegroups.com
Great, I have been waiting for this functionality for years :).

Please let me know when your PR is merged.



