[Django] #25281: Permission strings don't uniquely identify permissions
Django
------------------------------+--------------------
Reporter: ppiet | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
APIs related to permissions (e.g. User.has_perm()) take a 'permission
string' argument of format "<app label>.<permission codename>" to refer to
Permissions.
But each permission is uniquely defined on the model level as a tuple of
(content type, permission name). As content type refers to concrete model
within a concrete app, we should be using permission string of the format
"<app label>.<model name>.<permission codename>".
This becomes a concrete issue once one wants to define custom permissions
for their models, and doesn't observe the convention of putting the model
name in the permission codenames (or wants to inherit the custom
permissions form an abstract model).
See also https://groups.google.com/forum/#!searchin/django-
developers/permissions/django-developers/ngV5KhLXUrQ/DTfqhG0LRG4J .
--
Ticket URL: <https://code.djangoproject.com/ticket/25281>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: ppiet | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* needs_better_patch: => 0
* needs_docs: => 0
* type: Bug => Cleanup/optimization
* needs_tests: => 0
* stage: Unreviewed => Accepted
Comment:
If someone wants to work on this, please add your implementation plan to
the mailing list thread to get feedback first.
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:1>
Django
Reporter: Przemysław | Owner: tsyplakou
Pietrzkiewicz |
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by tsyplakou):
* owner: nobody => tsyplakou
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:2>
Django
Reporter: Przemysław | Owner: tsyplakou
Pietrzkiewicz |
Type: | Status: assigned
Cleanup/optimization |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by felixxm):
* has_patch: 0 => 1
Comment:
[https://github.com/django/django/pull/13086 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:3>
Django
Reporter: Przemysław | Owner: tsyplakou
Pietrzkiewicz |
Type: | Status: assigned
Cleanup/optimization |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by Carlton Gibson):
* needs_better_patch: 0 => 1
* needs_docs: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:4>
Django
Reporter: Przemysław | Owner: (none)
Pietrzkiewicz |
Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Changes (by Mariusz Felisiak):
* owner: tsyplakou => (none)
* status: assigned => new
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:5>
Django
Reporter: Przemysław | Owner: (none)
Pietrzkiewicz |
Type: | Status: new
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1
Changes (by Sage Abdullah):
* cc: Sage Abdullah (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/25281#comment:6>