jrief / django-admin-sortable2

Generic drag-and-drop ordering for objects in the Django admin interface
https://django-admin-sortable2.readthedocs.io/en/latest/
Other
767 stars 180 forks source link

Ordering actions still rendered in action dropdown even if user don't have change permission. #400

Open girase1pranay opened 3 months ago

girase1pranay commented 3 months ago

Python: 3.11 Django: 5.0.4

In admin change list, ordering actions [ move_to_exact_page, move_to_back_page, move_to_last_page, move_to_first_page, move_to_forward_page] still rendered in action dropdown even if user don't have change permission.

How can we remove those actions from dropdown on the basis of permission?

jrief commented 3 months ago

Fair point. I have to fix that.

drowsyzen commented 3 months ago

Hi Jrief,

I’d like to take this issue. If you could assign it to me, that would be helpful. I have read the Contributor's Guide and will follow it.

girase1pranay commented 3 months ago

@jrief, By when can we expect the new release?

jrief commented 3 months ago

@drowsyzen you can come up with a pull request. I then will review it.

drowsyzen commented 2 months ago

@jrief i am working on the solution and will open pull request soon(by tomorrow). I have one query.

There are four permissions for model in admin (add, change, delete, view).

For which of these the dropdown should come and for which should it not?

Currently I am making it so that users with view permission will not see the dropdowns. And users with either on of the rest three will see the dropdowns.

jrief commented 2 months ago

In my opinion the change_<my_model> permission would be appropriate. An alternative would be to add a custom permission to the model's Meta-class, say [("reorder", "Can reorder items")] as described here: https://docs.djangoproject.com/en/5.1/ref/models/options/#permissions and use the change-permission as fallback.