Dear group,

With https://code.djangoproject.com/ticket/29120 it was documented that the 
change permission of the related model was needed; later, 
https://code.djangoproject.com/ticket/29502 reduced this from change to view 
permission.

However, there is a problem that was well described in this comment:
https://code.djangoproject.com/ticket/29502#comment:1
> Good example would be a foreign key to a user. You don't want anyone but 
> superusers to have access to the user model, but you would have to in this 
> case.

Also mentioned by Carlton at:
https://code.djangoproject.com/ticket/29502#comment:1
> There's a slight inconsistency in that no permission to the related model is 
> needed if you don't use autocomplete.

Combined with https://code.djangoproject.com/ticket/29700, which was closed as 
wontfix, there is a dilemma:
Either give anyone who is supposed to work with the parent model view 
permission to the User model, or forego the autocomplete feature.

Would it be possible to remove the permission check from AutocompleteJsonView 
entirely?
Alternatively, another permission "view string representation"? That, imho, 
would be the clean and proper solution – but also the most elaborate and 
expensive.

Best regards,
Carsten

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers (Contributions to Django itself)" group.