Feature request: Admin page RBAC for specific models #734
Description
In my Django application, I have users with certain groups/permissions that I would like to grant access to a subset of the audit log models.
Some user stories for a restaurant backend:
- As a member of kitchen staff, I want to see who ordered what ingredients, so I can audit food wastage
- As a manager, I want to monitor the order lifecycle, so I can have business insights
- As an application developer, I want access to all the audit logs, so I can make sure models are being updated correctly
Design 1: Django built-in model 'view' permission
Maybe it could utilise the built-in Django admin permissions generated automatically when the model was created. For example, if I have a model called Ingredient, Django automatically creates some built-in permissions like view_ingredient, add_ingredient, change_ingredient, delete_ingredient for the admin page. Specifically, if the user had view_ingredient permissions, it could also grant access to the auditlog page to view specifically audit logs for that model.
This behaviour could be controlled by a new setting (defaults False) to retain existing behaviour, something like AUDITLOG_USE_DJANGO_VIEW_PERMISSIONS.
Design 2: Define permission on register
Potentially this could be an extension of the register syntax, where we are expected to define a django permission that the audit log page will check:
auditlog.register($MODEL, admin_permission="view_ingredient_audit")