On Feb 18, 9:14 pm, Malcolm Tredinnick <malc...@pointy-stick.com> wrote: > On Wed, 2009-02-18 at 18:07 -0800, adelevie wrote: > > According to Djangobook, the philosophy of theadminsite is that all > > users of it are "trusted" not just "authenticated," meaning you will > > trust them to do the right thing. > > That's not an argument against a read-only display of information. The > admin interface trusts everybody equally. However, some information that > is stored in models is simply not designed to be edited. This is already > part of theadmindesign, since you can configure which fields are in a > form.
I disagree with the assertion that the admin interface trusts everybody equally. If all users were equal, what would be the point of the permissioning system? Clearly there are different levels of trust, which is why some users have different levels of access than others: some can create, others can delete, others can update, and superusers can do whatever they want. But, weirdly, if you are going to see the data at all, then you are going to be able to change it, but if you are going to be able to delete it, you don't have to see it. I have been racking my brain trying to understand why the permissioning system in the admin is "CUD" rather than "CRUD". It seems rather arbitrary to me. There is a reason why the common acronym is CRUD--it is what works in this type of system: some people get to see data, some people get to change it, etc. It seems to me that the admin system, without read-only permissioning on a per-model basis (which must be easier to implement system-wide than read-only on a field basis), is acting too much like a blunt instrument. Sure, there are some users that you might not want to see or edit records of model X, even while they have full permissions on model Y. And there are certainly users who you will want to give unlimited access to both models X and Y. But why not support the intermediate case of being able to see the contents of model X without editing therm, but also having full permissions for model Y? This third, intermediate user would be "more trusted" than the first user, but "less trusted" than the second. This is where the "trusted user" standard breaks down for me. Everyone who interacts with the admin is "trusted" on some level, but they are not all at the same level, and having a read-only permission and a complete CRUD implementation would provide a more fine grain of control than what you have now. If trust were the only issue, what would be inconsistent in having an intermediate level of access between "edit" and "none"? I do realize that the "original" scope of the admin system is "trusted users editing structured content", but come on, the admin system has become so much more than that since the introduction of django 1.0. At this point, the only reason that I can think of for excluding a read-only permission (which would be so useful in so many business cases) is so as to comply with the single word "editing" of the original definition just for the purpose of complying with it. It's almost like we're saying, "when Jacob and Adrian et. al. came up with this admin interface five years ago, that was that, so it won't ever contain read-only permissions, no matter how useful or consistent with best practices it might be, because otherwise we would violate the rule they made half a decade ago." Putting a limit on feature creep is one thing, but hobbling an otherwise useful system to comply with an arbitrary definition written when the system had orders of magnitude fewer users is entirely a different thing. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
