I have added row level permissions with django-guardian to my project.
From the setup, it seems that everything is working fine:
- Special guardian tables created (guardian_groupobjectpermission, guardian_userobjectpermission)
- Models with GuardedModelAdmin show the Object Rights feature next to History
- It allows me to assign permissions "Add", "Change", "Delete" for users / groups.
But assigning (without assigning) permissions does not have any effect on the admin interface. Each user is allowed to do everything with all objects.
I tried with
user_can_access_owned_objects_only = True
but this only affects the ability to view objects. As soon as the user sees it, he can also change and delete it. Regardless of what is set in the permissions.
And I followed another discussion suggesting this in ModelAdmin
def queryset(self, request): if request.user.is_superuser: return get_objects_for_user(user=request.user, perms=['change_program'], klass=Program)
But this has a similar effect, as indicated above, it limits the visible elements.
I would hope to see the โsaveโ and โdeleteโ buttons of the administrator (and functions) while listening to django-guardian. Is this a misunderstanding? Or didnโt I just walk along the whole road?
Thanks for any hint! R
szeta source share