Thanks for your help, it works and filter nicely. But if in the url I change de ID from /1/ to /2/, I can access to others MyUser and modify everythings. The auth module can't be used for this kind of authentification ?
If I have to implement myself, should I implement this outside the admin part ? Thanks Bro On Mar 17, 12:56 pm, Dougal Matthews <douga...@gmail.com> wrote: > The permission system doesn't understand the concept of users 'owning' > things. Therefore, the permissions apply to everything. Can all, can change > any or can delete any. > This is something you need to implement yourself. You can do things to > filter the admin so they only see models they edited. I wrote an example of > that > here;http://blog.dougalmatthews.com/2008/10/filter-the-django-modeladmin-set/ > > Dougal > > --- > Dougal Matthews - @d0ugalhttp://www.dougalmatthews.com/ > > 2009/3/17 Bro <coolpari...@gmail.com> > > > > > Hi, > > > I am using the User model with additional information. This model is > > called : MyUser. > > I try to use permission with group in admin but I have 'can add', 'can > > change', 'can delete'. > > When I give a 'can change' permission, a MyUser login, he can change > > every MyUser. > > > My question is how do I give to MyUser the permission to only change > > his data ? > > > Thanks by advance --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
