I agree with the general notion. However, we should review why the admin functionality has been moved to a separate package to begin with. I remember @philippeowagner mentioned django-hijack/django-hijack#114 which in turn refers to django-hijack/django-hijack#84. It seems this decision was fueled by security concerns. However, I believe both packages should provide the best possible security. Keeping features to a minimum should be part of our security effort, yet providing the same feature but in another package doesn't seem to add to that. I would go a step further: I think having different behavior in the admin is a security risk in itself. If you are permitted to hijack a user with admin access, you should perform all actions as that user including the admin. However, if that is something you don't want, you probably shouldn't configure your permissions, so you can't hijack staff- or superusers. In other words, I don't believe there should be a "special" admin integration anyway. If you use a snackbar integration approach, this will work nicely with Django admin or any other app.
-
I find this package redundant
cc: @codingjoe what do you think?