add view_permission

Skip to first unread message


Nov 16, 2011, 11:47:55 AM11/16/11
to Django developers
i've been thinking about a new django admin feature, that could be
backward implemented

it's about adding a view permission for models

so we can have


in the changelist_view view_permission allow user to see the
changelist, but user still need a change_permission to use the
in the change_view, having a view_permission allow to see the object,
but the method get_read_only_fields returns all the fields.

in every case a POST request raise a PermissionDenied if the user do
not have a change_permission, but allows GET request if user got a

view_permission could be added on the next syncdb...

Bradley Ayers

Nov 16, 2011, 1:47:49 PM11/16/11
I would benefit from this. With administration systems I build with Django I generally have to add my own 'view_foo' permission to each model. +1

> --
> You received this message because you are subscribed to the Google Groups "Django developers" group.
> To post to this group, send email to
> To unsubscribe from this group, send email to
> For more options, visit this group at


Nov 16, 2011, 2:17:17 PM11/16/11
to Django developers
yes i would use it too, because i've got a lot of models with a view
permission to the final user but with no change permission.

it could be archived with backward compatibility, because by default a
user has got no view permission
view permission can be added with a syncdb, and user must add them
from the admin panel

don't see backward issue, it would be a nice feature.

Aymeric Augustin

Nov 16, 2011, 2:21:49 PM11/16/11
Hi Ric,

This feature request is quite common, and it's tracked here:

A few people talked to me since I wrote the GSoC project description linked in comment #5, but I don't think anyone is actively working on this.

Since we deprecated databrowse, the problem is much simpler than what I described. It's probably still more complicated than what a patch can handle.

If you want to work on this ticket, I suggest to:
a) read the contributing guide in the docs (if you haven't yet),
b) review related discussions on this mailing list, and search for related tickets in Trac,
c) post a more detailed proposal here,
d) fork the bitbucket or github mirror and work on your clone,
e) track your progress by commenting on the ticket or on the mailing list.

Be aware that this isn't an easy ticket — you may prefer to start with smaller issues and tackle this when you're more at ease with our development process.

Best regards,

Aymeric Augustin.


Nov 16, 2011, 2:43:17 PM11/16/11
to Django developers
ok i can give a try...

maybe it's difficult, not to much. i have to see inline models, and
give the right behavior....

so from github i can fork django 1.3.1, but actually i'm working with
the latest version.

should i fork the lastest?

On 16 Nov, 20:21, Aymeric Augustin


Nov 16, 2011, 2:51:28 PM11/16/11
to Django developers
at a first look, the big file to patch is django.contrib.admin.options

i need also to add a method to django.db.models.options

def get_view_permission(self):
return 'view_%s' % self.object_name.lower()

so maybe it's better to work only on and make a .diff,

Aymeric Augustin

Nov 16, 2011, 4:17:22 PM11/16/11
Hi Ric,

I've noticed that you're posting a lot on this mailing list. Please remember that each email sent here is broadcasted to around 7000 people, each of whom will need a few seconds to decide if it's interesting.

You're expected to do some research and to structure your thoughts and questions before posting. From my own experience, it's unusual to write an email for django-developers in less than an hour, and it can even take several days. "Stream of thought" messages aren't appropriate; if you want to chat, please join the #django-dev on FreeNode.

Thanks for your understanding!

Aymeric Augustin.


Nov 16, 2011, 5:28:12 PM11/16/11
to Django developers
fine i'll keep in mind.

On 16 Nov, 22:17, Aymeric Augustin


Nov 16, 2011, 6:19:29 PM11/16/11
to Django developers
ok this is my last message, i swear!

i've created a new file and a .diff, and i've attached it
to the ticket you send to me.


i've tested it and it works, it's pretty basic and there is more work
to do.

what i've done is to add a method has_view_permission, and check a
view permission in every view

i also created a get_list_editable, and i add in get_list_editable and
in get_readonly_fields a check, and it returns original read_only and
list_editable only if user has got a change_pemission

i also raise a permission error every time there is a post request and
user do not have a change_permission

a also ask for view_permission in history_view.


fix inlines fix submit_row

add a opts.has_view_permission()
Reply all
Reply to author
0 new messages