diff --git a/django/contrib/admin/templatetags/admin_list.py b/django/contrib/admin/templatetags/admin_list.py index 832b3562cd..e26d662bb0 100644 --- a/django/contrib/admin/templatetags/admin_list.py +++ b/django/contrib/admin/templatetags/admin_list.py @@ -104,6 +104,10 @@ def result_headers(cl): def items_for_result(cl, result): first = True pk = cl.lookup_opts.pk.attname + if not cl.opts.admin.show_all_rows: + if not cl.user.has_perm(cl.opts.app_label + "." + cl.opts.get_change_permission(), object=result): + return + cl.result_count = cl.result_count +1 for field_name in cl.lookup_opts.admin.list_display: row_class = '' try: diff --git a/django/contrib/admin/templatetags/adminapplist.py b/django/contrib/admin/templatetags/adminapplist.py index 4eeef1b0cf..314010a074 100644 --- a/django/contrib/admin/templatetags/adminapplist.py +++ b/django/contrib/admin/templatetags/adminapplist.py @@ -27,12 +27,7 @@ class AdminApplistNode(template.Node): for m in app_models: if m._meta.admin: if not m._meta.admin.hidden: - #perms = { - #'add': user.has_perm("%s.%s" % (app_label, m._meta.get_add_permission())), - #'change': user.has_perm("%s.%s" % (app_label, m._meta.get_change_permission())), - #'delete': user.has_perm("%s.%s" % (app_label, m._meta.get_delete_permission())), - #} - + perms = { 'add': user.contains_permission("%s.%s" % (app_label, m._meta.get_add_permission()), m), 'change': user.contains_permission("%s.%s" % (app_label, m._meta.get_change_permission()), m), diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 9cc2a697f9..ff4a9179f8 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -433,7 +433,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current else: if related.opts.admin: p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission()) - if not user.has_perm(p): + if not user.has_perm(p, object=related): perms_needed.add(related.opts.verbose_name) # We don't care about populating deleted_objects now. continue @@ -464,7 +464,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current # permission to delete them, add the missing perm to perms_needed. if related.opts.admin and has_related_objs: p = '%s.%s' % (related.opts.app_label, related.opts.get_delete_permission()) - if not user.has_perm(p): + if not user.has_perm(p, object=related): perms_needed.add(rel_opts_name) for related in opts.get_all_related_many_to_many_objects(): if related.opts in opts_seen: @@ -493,7 +493,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current # permission to change them, add the missing perm to perms_needed. if related.opts.admin and has_related_objs: p = '%s.%s' % (related.opts.app_label, related.opts.get_change_permission()) - if not user.has_perm(p): + if not user.has_perm(p, object=related): perms_needed.add(related.opts.verbose_name) def delete_stage(request, app_label, model_name, object_id): @@ -562,6 +562,7 @@ class ChangeList(object): self.opts = model._meta self.lookup_opts = self.opts self.manager = self.opts.admin.manager + self.user = request.user # Get search parameters from the query string. try: @@ -644,7 +645,10 @@ class ChangeList(object): except InvalidPage: result_list = () - self.result_count = result_count + if self.opts.admin.show_all_rows: + self.result_count = result_count + else: + self.result_count = 0 self.full_result_count = full_result_count self.result_list = result_list self.can_show_all = can_show_all diff --git a/django/contrib/auth/models.py b/django/contrib/auth/models.py index d7b790ec4b..2ebc700724 100644 --- a/django/contrib/auth/models.py +++ b/django/contrib/auth/models.py @@ -373,7 +373,7 @@ class User(models.Model): backend.quote_name('group_id'), backend.quote_name('user_id'), backend.quote_name('negative'), backend.quote_name('owner_ct_id'), backend.quote_name('model_ct_id')) - print sql + cursor.execute(sql, [self.id, ContentType.objects.get_for_model(Group).id, ct.id]) count = int(cursor.fetchone()[0]) return (count>0) diff --git a/django/db/models/options.py b/django/db/models/options.py index 4faf14a0ea..ee253ff451 100644 --- a/django/db/models/options.py +++ b/django/db/models/options.py @@ -203,7 +203,8 @@ class AdminOptions(object): def __init__(self, fields=None, js=None, list_display=None, list_display_links=None, list_filter=None, date_hierarchy=None, save_as=False, ordering=None, search_fields=None, save_on_top=False, list_select_related=False, manager=None, list_per_page=100, - grant_change_row_level_perm=False, grant_delete_row_level_perm=False, hidden=False): + grant_change_row_level_perm=False, grant_delete_row_level_perm=False, hidden=False, + show_all_rows=True): self.fields = fields self.js = js or [] self.list_display = list_display or ['__str__'] @@ -219,6 +220,7 @@ class AdminOptions(object): self.grant_change_row_level_perm=grant_change_row_level_perm self.grant_delete_row_level_perm=grant_delete_row_level_perm self.hidden = hidden + self.show_all_rows = show_all_rows def get_field_sets(self, opts): "Returns a list of AdminFieldSet objects for this AdminOptions object."