Hi Tobias, 

Thank you for your effort here. Sorry for the slowish response: it's just a 
question of getting round to it. 

The basic issue here is people what to avoid this: 

    if user.has_perm('foo.change_bar', obj=bar) or 
user.has_perm('foo.change_bar'):
        ...

(Or they find it surprising or ...) 

Last time this came up (around #20218) there weren't very many or strong 
opinions, so I came down against a breaking change. 
(I don't mind the existing permissions: they've been the same ≈forever, so 
I see no reason to change.) 

What you've done in your two PRs is nice I think: 

* https://github.com/django/django/pull/10601
* https://github.com/django/django/pull/10600

* Added a `DefaultObjectBackend` on an opt-in basis which gives the 
alternate behaviour. 
* Added the `get_premission_object()` hook, so that can be overridden. 

Both of these have small footprints and no breaking changes. So I think +1 
yes. 

My only concern thus far is bringing out the change well enough in the 
release notes and docs. 
(Split between the two PRs I'm not sure it quite does that.) 

Kind Regards,

Carlton

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/a544987a-1a6a-4d5b-81e0-db8783f597aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to