Adding view permission by default to auth_permission

[Ander Ustarroz]

I am surprised this feature is not implemented yet, at the moment when we create a new model  three permissions are created automatically:

• add_permission
• change_permission
• delete_permission
  

We really missing the view_permission here, when we want staff to be able to see the content but not being able to modify it. Searching a bit,  you can find many different implementations to achieve this, but all of them are extending django.contrib.admin.ModelAdmin. Having so many people rewriting these methods in my opinion is a clear sign that this feature should be part of the core. 

Regards,

[Akhil Lawrence]

Ander,

Please add your suggestion as a ticket in django ticketing system.

https://code.djangoproject.com/newticket

[Derek]

My own observation, from years on this mailing list, is that the dev team do not consider this a must-have for Django; their view (as far as I understand it!) is that the admin is designed for trusted users, so simply do not let them have access at all.  Having said that, there is a pull request underway for a feature that seems similar to what you want:

https://github.com/django/django/pull/5297

(P.S. Also bear in mind that Django, like most FOSS projects, is not actually a democracy - so something 'the people want" does not necessarily get done; not understanding this trips many people up...)

[mmatt]

Derek,

On almost every context where view permission is discussed, that admin does not need is brought up as a reason. This a little confuses me. The permissions are not for the admin only, and they may be used for the actual application, right? So, is it assumed that people would add it, if needed? when I first came across it, I thought maybe it is not needed because via use of custom managers, non-view-able objects get filtered out and there is no need for permission testing. 

Mehmet

[mmatt]

On another note, I believe django dev team needs to understand life is rarely boolean. That is, even the staff that you trust, you don't always trust 100% :) actually almost never trust 100% so good to have options. 

Mehmet

On Wednesday, June 1, 2016 at 4:59:47 AM UTC-5, Derek wrote:

[Luis Zárate]

This is alive in

https://github.com/django/django/pull/6734

The other PR was close because this have not merge conflict.

I think this functionality is needed an will be included soon.

> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
> To post to this group, send email to django...@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3c4931c3-453f-4a80-a62d-16bc9873817b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

--

"La utopía sirve para caminar" Fernando Birri

[Olivier Dalang]

Indeed I just have to squash the commits then it can be merged. I'm out of office until next week but will do so when back.

Bests

On 27 Oct 2016 23:23, "Luis Zárate" <luis...@gmail.com> wrote:

This is alive in

https://github.com/django/django/pull/6734

The other PR was close because this have not merge conflict.

I think this functionality is needed an will be included soon.




El jueves, 27 de octubre de 2016, mmatt <meh...@edgle.com> escribió:
> On another note, I believe django dev team needs to understand life is rarely boolean. That is, even the staff that you trust, you don't always trust 100% :) actually almost never trust 100% so good to have options. 
> Mehmet
>
> On Wednesday, June 1, 2016 at 4:59:47 AM UTC-5, Derek wrote:
>>
>> My own observation, from years on this mailing list, is that the dev team do not consider this a must-have for Django; their view (as far as I understand it!) is that the admin is designed for trusted users, so simply do not let them have access at all.  Having said that, there is a pull request underway for a feature that seems similar to what you want:
>>
>> https://github.com/django/django/pull/5297
>>
>> (P.S. Also bear in mind that Django, like most FOSS projects, is not actually a democracy - so something 'the people want" does not necessarily get done; not understanding this trips many people up...)
>>
>> On Monday, 30 May 2016 20:13:18 UTC+2, Ander Ustarroz wrote:
>>>
>>> I am surprised this feature is not implemented yet, at the moment when we create a new model  three permissions are created automatically:
>>>
>>> add_permission
>>> change_permission
>>> delete_permission
>>>
>>> We really missing the view_permission here, when we want staff to be able to see the content but not being able to modify it. Searching a bit,  you can find many different implementations to achieve this, but all of them are extending django.contrib.admin.ModelAdmin. Having so many people rewriting these methods in my opinion is a clear sign that this feature should be part of the core. 
>>>
>>> Regards,
>>>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

> To post to this group, send email to django...@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3c4931c3-453f-4a80-a62d-16bc9873817b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

--

"La utopía sirve para caminar" Fernando Birri

--
You received this message because you are subscribed to the Google Groups "Django users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.

To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAG%2B5VyNvMr6Ch5zdDz%2Bb%3DWX5%3D0-pnmnj%3DTykkU3N_KXQibHgiw%40mail.gmail.com.

[Luis Zárate]

Great I have been waiting this functionality for years :).

Please let me know when your PR is merge.

El sábado, 29 de octubre de 2016, Olivier Dalang <olivier...@gmail.com> escribió:
> Indeed I just have to squash the commits then it can be merged. I'm out of office until next week but will do so when back.
>
> Bests
>
> On 27 Oct 2016 23:23, "Luis Zárate" <luis...@gmail.com> wrote:
>>
>> This is alive in
>>
>> https://github.com/django/django/pull/6734
>>
>> The other PR was close because this have not merge conflict.
>>
>> I think this functionality is needed an will be included soon.
>>
>>
>>
>>
>> El jueves, 27 de octubre de 2016, mmatt <meh...@edgle.com> escribió:
>> > On another note, I believe django dev team needs to understand life is rarely boolean. That is, even the staff that you trust, you don't always trust 100% :) actually almost never trust 100% so good to have options. 
>> > Mehmet
>> >
>> > On Wednesday, June 1, 2016 at 4:59:47 AM UTC-5, Derek wrote:
>> >>
>> >> My own observation, from years on this mailing list, is that the dev team do not consider this a must-have for Django; their view (as far as I understand it!) is that the admin is designed for trusted users, so simply do not let them have access at all.  Having said that, there is a pull request underway for a feature that seems similar to what you want:
>> >>
>> >> https://github.com/django/django/pull/5297
>> >>
>> >> (P.S. Also bear in mind that Django, like most FOSS projects, is not actually a democracy - so something 'the people want" does not necessarily get done; not understanding this trips many people up...)
>> >>
>> >> On Monday, 30 May 2016 20:13:18 UTC+2, Ander Ustarroz wrote:
>> >>>
>> >>> I am surprised this feature is not implemented yet, at the moment when we create a new model  three permissions are created automatically:
>> >>>
>> >>> add_permission
>> >>> change_permission
>> >>> delete_permission
>> >>>
>> >>> We really missing the view_permission here, when we want staff to be able to see the content but not being able to modify it. Searching a bit,  you can find many different implementations to achieve this, but all of them are extending django.contrib.admin.ModelAdmin. Having so many people rewriting these methods in my opinion is a clear sign that this feature should be part of the core. 
>> >>>
>> >>> Regards,
>> >>>
>> > --
>> > You received this message because you are subscribed to the Google Groups "Django users" group.

>> > To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.

>> > To post to this group, send email to django...@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/django-users.
>> > To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3c4931c3-453f-4a80-a62d-16bc9873817b%40googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>> >
>>
>> --
>> "La utopía sirve para caminar" Fernando Birri
>>

>> <https://ci3.googleusercontent.com/proxy/pleYFBjRTaqPzwl0QWV68XGbm9_iKE548G9HnZip6o7gk46Dni4svLKWIxqanv21wf4L-oDTIVyWUviHHYQOxYJ_VR-E2QHnDRBqrtZefM09Bgx09obS9PzSCP77HVIAehvKQVoH7RXKVRwJcXB8ZhPlAlEmO_2MsbjN1bH8rF0L8O0qa_FTVnBaZA84NQjOjE3lH9ACs5sERtY=s0-d-e1-ft#https://docs.google.com/uc?export=download&id=0B4-s_Bgz_-NSN0V3b24zU25fMW8&revid=0B4-s_Bgz_-NSdy9OTkYzcDN6RGZITWl5amdqT3JxVnNVVSswPQ>

>>
>> --
>> You received this message because you are subscribed to the Google Groups "Django users" group.

>> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.

>> To post to this group, send email to django...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAG%2B5VyNvMr6Ch5zdDz%2Bb%3DWX5%3D0-pnmnj%3DTykkU3N_KXQibHgiw%40mail.gmail.com.
>> For more options, visit https://groups.google.com/d/optout.
>

> --
> You received this message because you are subscribed to the Google Groups "Django users" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.

> To post to this group, send email to django...@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.

> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAExk7p3S0p7qO-9CDUPgDc9tyt%3DR%2Bd2XPeJkMxt8QSP13XRCFQ%40mail.gmail.com.