Indeed, the admin doesn't really enforce this. The admin is for trusted users and thus the filter just helps people out but isn't for security. You would be better building your custom admin I think. If you start using model forms etc. its not really that hard.
Dougal --- Dougal Matthews - @d0ugal http://www.dougalmatthews.com/ 2009/3/17 Bro <coolpari...@gmail.com> > > Thanks for your help, it works and filter nicely. > > But if in the url I change de ID from /1/ to /2/, > I can access to others MyUser and modify everythings. > The auth module can't be used for this kind of authentification ? > > If I have to implement myself, should I implement this outside the > admin part ? > > Thanks > > Bro > > On Mar 17, 12:56 pm, Dougal Matthews <douga...@gmail.com> wrote: > > The permission system doesn't understand the concept of users 'owning' > > things. Therefore, the permissions apply to everything. Can all, can > change > > any or can delete any. > > This is something you need to implement yourself. You can do things to > > filter the admin so they only see models they edited. I wrote an example > of > > that here; > http://blog.dougalmatthews.com/2008/10/filter-the-django-modeladmin-set/ > > > > Dougal > > > > --- > > Dougal Matthews - @d0ugalhttp://www.dougalmatthews.com/ > > > > 2009/3/17 Bro <coolpari...@gmail.com> > > > > > > > > > Hi, > > > > > I am using the User model with additional information. This model is > > > called : MyUser. > > > I try to use permission with group in admin but I have 'can add', 'can > > > change', 'can delete'. > > > When I give a 'can change' permission, a MyUser login, he can change > > > every MyUser. > > > > > My question is how do I give to MyUser the permission to only change > > > his data ? > > > > > Thanks by advance > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
