#35959: Admin "Change password" Button Visible with Only "Can view user"
Permission
-------------------------------------+-------------------------------------
Reporter: Dev Namdev | Owner: Brock
| Smickley
Type: Bug | Status: assigned
Component: contrib.admin | Version: 5.1
Severity: Normal | Resolution:
Keywords: Permissions, Admin | Triage Stage: Accepted
Interface, Change Password, View |
User, Permission Bug |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 1
-------------------------------------+-------------------------------------
Comment (by Matthias Kestenholz):
I wonder if hiding the button using CSS would be a workable alternative?
The password field shows the hashing algorithm and details about it, and
also mentions that raw passwords are not stored. That's possibly useful
information for users even if they only have view permissions.
I could imagine adding inline CSS like `.field-password button { display:
none }` if a user doesn't have the necessary permissions.
It may be too terrible to contemplate. On the other hand,
`django/contrib/admin/templates/admin/auth/user/add_form.html` exists and
adding `django/contrib/admin/templates/admin/auth/user/change_form.html`
may not be too bad.
--
Ticket URL: <https://code.djangoproject.com/ticket/35959#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/010701946e572bb7-d33036e4-6a70-4677-a3a0-467d02ed2e1d-000000%40eu-central-1.amazonses.com.
