The dashboard admin list view links to change views that the user may not have permission to use

[toolness]

I noticed recently that our local installation of this project links to dashboard change views from the list view page (i.e. /admin/django_sql_dashboard/dashboard/) even when users don't have access to them. Here's an example:

The user here doesn't have the permission to change dashboards (though they do have permission to view them) yet the slugs in the screenshot above link to admin change views (e.g. URLs like /admin/django_sql_dashboard/dashboard/5/change/). When the user clicks on these links, the view raises a PermissionDenied error, which results in a 403 that isn't very helpful.

It would be nice if either the link wasn't hyperlinked at all, or if it took the user to a read-only version of the change page or something.

[toolness]

Hmm, so one way to fix this is by changing the DashboardAdmin like so:

     def has_change_permission(self, request, obj=None):
         if obj is None:
-            return True
+            return super().has_change_permission(request)
         if request.user.is_superuser:
             return True
         return obj.user_can_edit(request.user)

This effectively removes the link to the change list view in the Django admin.

However, a problem with this is that the "edit" link on the dashboard index page actually sends the user to the dashboard's change view on the admin site, which does still work, but it has a link back to the change list view in its breadcrumb that will now 403 if clicked.

Um... I guess another question I have is, should any user with execute _sql permission also have change permission for the Dashboard model? (The user mentioned in this issue's description has only execute_sql and not change permission.)