How object permissions work in the admin is also a bit of an
undocumented surprise. You need 'change_*' on the model, not just on a
specific object in order to to be able to do just about anything at
all. 'delete_selected` cannot check for object permissions etc.
I just started using django-guardi
On 08/11/2018 12:00, Carlton Gibson wrote:
> Perhaps you could put docs changes you'd make in a third PR (or
> ticket if you like, to discuss the outline)? (Maybe one PR with three
> commits makes it easier to review as a whole.)
I created a pull request with some changes, mostly related to docume
OK, makes sense.
My current thinking is to Accept both. Perhaps you could put docs changes
you'd make in a third PR (or ticket if you like, to discuss the outline)?
(Maybe one PR with three commits makes it easier to review as a whole.)
Thanks for the input! 🏆
On Thursday, 8 November 2018 11:
On 08/11/2018 11:43, Carlton Gibson wrote:
> My only concern thus far is bringing out the change well enough in the
> release notes and docs.
> (Split between the two PRs I'm not sure it quite does that.)
My impression is that authentication backends and object permissions
have already been und
Hi Tobias,
Thank you for your effort here. Sorry for the slowish response: it's just a
question of getting round to it.
The basic issue here is people what to avoid this:
if user.has_perm('foo.change_bar', obj=bar) or
user.has_perm('foo.change_bar'):
...
(Or they find it surpri