#18600: group_required decorator
-------------------------------------+-------------------------------------
Reporter: daniel.walz@… | Owner: nobody
Type: New feature | Status: closed
Component: contrib.auth | Version: 1.4
Severity: Normal | Resolution:
Keywords: group authorization | worksforme
Has patch: 1 | Triage Stage:
Needs tests: 0 | Unreviewed
Easy pickings: 1 | Needs documentation: 0
| Patch needs improvement: 0
| UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by aaugustin):
Let me try to clarify this.
----
Permissions are [https://docs.djangoproject.com/en/dev/topics/auth
/#custom-permissions defined in code] and used by code -- mostly by the
`permission_required` decorator.
They're copied to the database during `syncdb` for convenience. It makes
it easier to attribute them to groups. But that's just a copy, the
authoritative version is still defined by the Python code.
We must not make it possible to create permissions through the admin.
Otherwise how could you be sure that the correct set of permissions --
those used by your code -- exist?
----
On the other hand, groups aren't defined in code (unless you've customized
things, in which case you can write your own `group_required`).
--
Ticket URL: <https://code.djangoproject.com/ticket/18600#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit https://groups.google.com/groups/opt_out.
