Differentiate between Django's default model permissions and custom permissions

[whitews]

Hi,

I believe this came up before in issue #42 and I think it would be useful to have a mechanism to exclude the default permissions in BaseObjectPermissionsForm.

Unfortunately, as you've indicated in the responses to that issue, there is no real distinction between the Permission instances. I am currently doing this by creating my own Form and overriding get_obj_perms_field_choices() to filter the permissions using Model._meta like so:

class UserProjectPermissionForm(UserObjectPermissionsForm):
    def get_obj_perms_field_choices(self):
        choices = super(UserProjectPermissionForm, self).get_obj_perms_field_choices()
        return list(set(choices).intersection(Project._meta.permissions))

Of course, I'd like to avoid using a private attribute, but as far as I can tell using _meta is the only way to access the custom permissions. I realize it's just shifting to problem over to guardian, but what about adding an optional init argument to BaseObjectPermissionsForm to set a property like "exclude_default" and then use it in get_obj_perms_field_choices() to filter these permissions using something similar:

def get_obj_perms_field_choices(self):
        """
        Returns choices for object permissions management field. Default:
        list of tuples ``(codename, name)`` for each ``Permission`` instance
        for the managed object.
        """
        choices = [(p.codename, p.name) for p in get_perms_for_model(self.obj)]

        if self.exclude_default:
            choices = list(set(choices).intersection(self.obj._meta.permissions))

        return choices

Does this sound reasonable, or would there be a better way to implement it?

Thanks!

[brianmay]

I think what you are asking is to be able to distinguish global permissions and per object permissions. So I am going to connect this to #380 and close this report.