[Django] #29419: Missing change in permissions for admin actions from release notes

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

[Django] #29419: Missing change in permissions for admin actions from release notes

Django
#29419: Missing change in permissions for admin actions from release notes
-----------------------------------------+------------------------
               Reporter:  Paulo          |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  new
              Component:  Documentation  |        Version:  2.1
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 In the pr that introduced view only admin, there was also a change to
 require user to have the "change" permission in order to render admin
 actions.

 This is a backwards incompatible change, as such, it would be good to have
 it in https://docs.djangoproject.com/en/dev/releases/2.1/

--
Ticket URL: <https://code.djangoproject.com/ticket/29419>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/051.ca1b744d4c52e684344a7b2fb0c246d2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions (was: Missing change in permissions for admin actions from release notes)

Django
#29419: Document the change in permissions required to perform admin actions
---------------------------------+------------------------------------
     Reporter:  Paulo            |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  Documentation    |                  Version:  2.1
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by Tim Graham):

 * type:  Uncategorized => Bug
 * severity:  Normal => Release blocker
 * stage:  Unreviewed => Accepted


Comment:

 On second thought, I wonder if this is the best design decision. For
 example, you would expect the default "deleted selected" bulk action to
 require the delete permission rather than the change permission, right?

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.db974ea6c341bd4b0b9ce3f5cd4a18de%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
---------------------------------+------------------------------------
     Reporter:  Paulo            |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  Documentation    |                  Version:  2.1
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------

Comment (by Hiroki Kiyohara):

 I understood. You meant the behavior of ``ModelAdmin.get_actions`` has
 changed, and it should be described as backward incompatible change.
 https://github.com/django/django/blob/2.1a1/django/contrib/admin/options.py#L863-L865

 I agree.

 We need...
 * Writing about it in the release note
 * Adding "version changed" note here
 https://docs.djangoproject.com/en/dev/ref/contrib/admin/actions/#django.contrib.admin.ModelAdmin.get_actions

 Also I agree that the current design is not perfect.
 * Actions like "CSV Download" requires only "view" permission, so
 disabling all actions by "change" permission does not make sense for me
 * Django should notice which permission is required by each actions
 https://github.com/django/django/pull/5297#discussion_r42751084

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.f2c83750aa07269a59c2dbac7a2ecbfb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Hiroki Kiyohara):

 * owner:  nobody => Hiroki Kiyohara
 * status:  new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.36eaf588381667f49d011363eeda685b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Hiroki Kiyohara):

 * has_patch:  0 => 1


Comment:

 I opened the Pull Request https://github.com/django/django/pull/9970

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.066dd43b1e6d7ead79054da7a710ecae%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Paulo):

 I agree with giving this change another look.
 It would be more flexible to leave the permissions handling to the actions
 themselves.
 Apps like django-tablib would no longer allow users to export without
 permission to change objects.

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.69ee0f628769616c4d4a7cf6fc1d45c2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Carlton Gibson):

 The previous behaviour here is to show all actions regardless of
 permissions. If then you (for example) try to delete objects without the
 delete permission you'll hit a permission denied error.

 The ''idea'' in the PR is that actions won't be available to read-only
 users, and that ''change'' will imply e.g. ''delete''. Whilst nice in
 theory, neither of those seem to be true.

 There's no current mechanism for actions to specify their permissions.
 That might be a good addition as a separate feature. We could then filter
 displayed actions on that basis.

 For now, the consistent thing would seem to be to continue to display all
 actions regardless of permission levels, allowing that users may run into
 permission denied errors, as they will have up to now.

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.894aa66191ea9f6f633793b8d10b00cb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Document the change in permissions required to perform admin actions

Django
In reply to this post by Django
#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * has_patch:  1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.c90c2f1162f95afad83aea0570643f7b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right. (was: Document the change in permissions required to perform admin actions)

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Description changed by Carlton Gibson:

Old description:

> In the pr that introduced view only admin, there was also a change to
> require user to have the "change" permission in order to render admin
> actions.
>
> This is a backwards incompatible change, as such, it would be good to
> have it in https://docs.djangoproject.com/en/dev/releases/2.1/

New description:

 In the pr that introduced view only admin, there was also a change to
 require user to have the "change" permission in order to render admin
 actions.

 This is a backwards incompatible change, as such, it would be good to have
 it in https://docs.djangoproject.com/en/dev/releases/2.1/

--

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.74f13da419032058d2af1a2e51f101af%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * cc: Carlton Gibson (added)
 * has_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.02296ca8225ae2c540320ac249c68b8c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Hiroki
                                     |  Kiyohara
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Carlton Gibson):

 [https://github.com/django/django/pull/10024 New PR] partially reverting
 825f0beda804e48e9197fcf3b0d909f9f548aa47 to restore visibility of actions
 to all staff users.

 * Individual actions should check permissions.
 * Additionally, users may follow the steps in
 [https://docs.djangoproject.com/en/dev/ref/contrib/admin/actions
 /#conditionally-enabling-or-disabling-actions Conditionally enabling or
 disabling actions].

 _Maybe_ we could add an `allowed_permissions` tuple to the action
 functions — so `delete_selected` would have `(delete,)` — that could be
 examined in the default implementation of `get_actions()`. (but that seems
 like a New Feature beyond the scope of this one...)

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:10>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.e5d234f881cca77ce5bd656801bef0e0%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
---------------------------------+------------------------------------
     Reporter:  Paulo            |                    Owner:  (none)
         Type:  Bug              |                   Status:  new
    Component:  Documentation    |                  Version:  2.1
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by Hiroki Kiyohara):

 * status:  assigned => new
 * owner:  Hiroki Kiyohara => (none)


Comment:

 I think Carlton Gibson should be assigned this issue, so I deassign
 myself.

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.20e63f7f4840da8754ac2adf53bd293e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * status:  new => assigned
 * owner:  (none) => Carlton Gibson


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.8900ecdd5cc9e30d7dab2c188dab31c7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  Bug                  |                   Status:  assigned
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * component:  Documentation => contrib.admin


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:13>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.e839c6ec98deacd72cacc826600ddd3e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  Bug                  |                   Status:  assigned
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"b30f9b131c9489b9d9f21c311ecb46d0aea91381" b30f9b13]:
 {{{
 #!CommitTicketReference repository=""
 revision="b30f9b131c9489b9d9f21c311ecb46d0aea91381"
 Refs #29419, #8936 -- Removed change permission requirement for admin
 actions.

 Partially reverted 825f0beda804e48e9197fcf3b0d909f9f548aa47.
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:14>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.f515b645ffd4f0e317f7205e407836ff%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Limiting visibility of Admin actions to `change` permission only isn't right.

Django
In reply to this post by Django
#29419: Limiting visibility of Admin actions to `change` permission only isn't
right.
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  Bug                  |                   Status:  assigned
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"aea0e2b9ca8376c1491f98262e20ed6069c70e5e" aea0e2b9]:
 {{{
 #!CommitTicketReference repository=""
 revision="aea0e2b9ca8376c1491f98262e20ed6069c70e5e"
 [2.1.x] Refs #29419, #8936 -- Removed change permission requirement for
 admin actions.

 Partially reverted 825f0beda804e48e9197fcf3b0d909f9f548aa47.

 Backport of b30f9b131c9489b9d9f21c311ecb46d0aea91381 from master
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:15>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.3ed9f199bcde83b6f3d1a0318feeedc7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Allow permissioning of admin actions (was: Limiting visibility of Admin actions to `change` permission only isn't right.)

Django
In reply to this post by Django
#29419: Allow permissioning of admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  New feature          |                   Status:  assigned
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  1
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1
 * type:  Bug => New feature


--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:16>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.a037b354f6c57b9bab8a492207adc6af%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Allow permissioning of admin actions

Django
In reply to this post by Django
#29419: Allow permissioning of admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  New feature          |                   Status:  assigned
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * needs_better_patch:  1 => 0


Comment:

 OK, bar another review I think the PR is more or less there.

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:17>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.635416c5b5a09f459b6a564039cfe428%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Allow permissioning of admin actions

Django
In reply to this post by Django
#29419: Allow permissioning of admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  New feature          |                   Status:  closed
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"958c7b301ead79974db8edd5b9c6588a10a28ae7" 958c7b30]:
 {{{
 #!CommitTicketReference repository=""
 revision="958c7b301ead79974db8edd5b9c6588a10a28ae7"
 Fixed #29419 -- Allowed permissioning of admin actions.
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:18>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.8bc8616059150d9644b386837fec3daf%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29419: Allow permissioning of admin actions

Django
In reply to this post by Django
#29419: Allow permissioning of admin actions
-------------------------------------+-------------------------------------
     Reporter:  Paulo                |                    Owner:  Carlton
                                     |  Gibson
         Type:  New feature          |                   Status:  closed
    Component:  contrib.admin        |                  Version:  2.1
     Severity:  Release blocker      |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"306f1f8ea3e2b54e194a59ac0ecb686460f180e8" 306f1f8]:
 {{{
 #!CommitTicketReference repository=""
 revision="306f1f8ea3e2b54e194a59ac0ecb686460f180e8"
 [2.1.x] Fixed #29419 -- Allowed permissioning of admin actions.

 Backport of 958c7b301ead79974db8edd5b9c6588a10a28ae7 from master
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:19>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/066.19e53b4d642eb1adab95dcde0bad229d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.