[Django] #17905: Admin documentation lists all models, even for users without access to certain applications

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications
-----------------------------------+-------------------------
Reporter: chriscohoat | Owner: nobody
Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Easy pickings: 0 | UI/UX: 0
-----------------------------------+-------------------------
By default, the admin docs lists documentation for all models. Some users
may not have access to models that are still listed in their entirety.

The easiest way to fix this was to check each model in the model index,
and only add the model to the listing if a user has the correct
permissions. I'm not sure if this is the correct way to go about this, but
I'm submitting the patch for review.

--
Ticket URL: <https://code.djangoproject.com/ticket/17905>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------

Reporter: chriscohoat | Owner: nobody
Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by jezdez):

* needs_better_patch: => 0
* needs_docs: => 0
* needs_tests: => 0
* stage: Unreviewed => Accepted

Comment:

Yeah, this seems sensible. The patch you attached seems to have been
generated wrong though, in the wrong order.

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:1>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------

Reporter: chriscohoat | Owner: nobody
Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by jezdez):

* needs_better_patch: 0 => 1
* needs_docs: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:2>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by Rizach):

* owner: nobody => Rizach

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:3>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by Rizach):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:4>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by Rizach):

* needs_better_patch: 0 => 1

Comment:

Noticed that it's possible to direct access models.

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:5>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by Rizach):

* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:6>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by Rizach):

* needs_docs: 1 => 0

Comment:

Added documentation and added to pull request:
https://github.com/django/django/pull/534

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:7>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-----------------------------------+---------------------------------------
Reporter: chriscohoat | Owner: Rizach

Type: New feature | Status: new
Component: contrib.admindocs | Version: 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 1 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-----------------------------------+---------------------------------------
Changes (by claudep):

* needs_tests: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:8>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner:
Type: New feature | gszczepanczyk
Component: contrib.admindocs | Status: assigned
Severity: Normal | Version:
Keywords: | 1.4-alpha-1
Has patch: 1 | Resolution:
Needs tests: 1 | Triage Stage: Accepted
Easy pickings: 0 | Needs documentation: 0
| Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by gszczepanczyk):

* owner: Rizach => gszczepanczyk
* status: new => assigned

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:9>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner: SAI
| GANESH S
Type: New feature | Status: assigned
Component: contrib.admindocs | Version:
| 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by SAI GANESH S):

* cc: SAI GANESH S (added)
* has_patch: 1 => 0
* needs_tests: 1 => 0
* owner: Grzegorz Szczepańczyk => SAI GANESH S

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:10>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner: SAI
| GANESH S
Type: New feature | Status: assigned

Component: contrib.admindocs | Version:
| 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by SAI GANESH S):

* has_patch: 0 => 1

Comment:

https://github.com/django/django/pull/18783
--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:11>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner: SAI
| GANESH S
Type: New feature | Status: assigned

Component: contrib.admindocs | Version:
| 1.4-alpha-1

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 1

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:12>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner: SAI
| GANESH S
Type: New feature | Status: assigned

Component: contrib.admindocs | Version:
| 1.4-alpha-1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:13>

[Django]

#17905: Admin documentation lists all models, even for users without access to
certain applications

-------------------------------------+-------------------------------------
Reporter: chriscohoat | Owner: SAI
| GANESH S

Type: New feature | Status: closed
Component: contrib.admindocs | Version:
| 1.4-alpha-1
Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Sarah Boyce <42296566+sarahboyce@…>):

* resolution: => fixed
* status: assigned => closed

Comment:

In [changeset:"c12bc980e5b2bb25e447cd8dee550cad767f1ad2" c12bc98]:
{{{#!CommitTicketReference repository=""
revision="c12bc980e5b2bb25e447cd8dee550cad767f1ad2"
Fixed #17905 -- Restricted access to model pages in admindocs.

Only users with view or change model permissions can access.
Thank you to Sarah Boyce for the review.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/17905#comment:14>