﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
8060	Admin Inlines do not respect user permissions	p.patruno@…	Stephan Jaensch	"I use inlines in the Django admin site. All is OK, but:
1) I set a new user's permissions to ""can add ticket, can change ticket""
and nothing more
2) I log in with the new user
3) I can change the Action inline from the Ticket admin interface (add, change
and delete!)

If I do not use the inline, the user is not able to change/add/delete
Action, which is what I expect.

If I try to edit other fields in the Ticket admin form that are defined as
ForeignKey, I get the expected ""Permission denied"".

I think that the possibility to change/add/delete an inline model
without privilege is a bug.

I have in my models:

{{{
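from django.db import models

class Ticket(models.Model):
    ...  # fields elided in the original report

class Action(models.Model):
    # Each Action belongs to one Ticket
    ticket = models.ForeignKey(Ticket)
    ...  # remaining fields elided in the original report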
}}}

in admin.py:

{{{
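from django.contrib import admin

class ActionInline(admin.TabularInline):
    model = Action
    extra = 1
    max_num = 3

class TicketAdmin(admin.ModelAdmin):
    ...  # other options elided in the original report
    # Action rows are editable inline on the Ticket change form
    inlines = [
        ActionInline,
    ]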
}}}

Thanks

Paolo Patruno
"	Bug	closed	contrib.admin	dev	Normal	fixed	inlines User authentication	Stephan Jaensch	Accepted	1	0	0	0	0	0
