Actually, I must have changed my code and refreshed an already rendered
form when I thought it was working. Just clicking on the wrong model in
the admin list pops up a 403 Forbidden page. It looks like
ModelAdmin.has_change_permission() must return True to render the change
form.
Maybe someone can tell me how to make a model read-only for certain
users based on their relationship with the model?
To elaborate somewhat, a company owns a substance displayed on a page in
the admin and any user should be able to see it but only users who are
members of the same company may change or delete it.
Thanks