Saturday, 15 May 2010

python - django admin permissions - can edit user but can't edit his permissons - how to do it? -


I gave editors such permission:

  • auth | User | Users can add / change - On

  • auth | Permissions | Still, while editing, they can change their permissions (and they allow themselves to work, which they should not do).

  • I got a ticket from 2 years ago: and it still works like this.

    How to allow user versions (email, password, etc.), but change block permissions?

Your current approach is not going to work. I'm scared.

From:

If you have permission to add users, then you have the power to create superusers, which can then, in turn, change other users.

So if you manage to block the editors by changing the permissions, it will not help, because they can still make the SuperUutter.


No comments:

Post a Comment