Admin action 'Delete selected' check only global model delete permission
|Reported by:||krejcik@…||Owned by:|
|Severity:||Normal||Keywords:||delete permission admin|
|Cc:||barton@…, apollo13, bas@…, IanMLewis@…, nils@…, kmike84@…, adi@…, tomc||Triage Stage:||Accepted|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Action 'delete_selected' calls ModelAdmin's has_delete_permission method only once without obj argument.
(This action is run from object list with checked records)
It is problem if has_delete_permission contains more complex logic which returns different values for a particular objects.
If one of deleted objects must not be delete whole action should fail.
Simple workaround is always forbid global delete (it means return False if obj argument is not given) and allow delete only for specified objects.
But such solutuion still disallow to do multiple delete on objects which can be deleted separately from it's detail form.
Change History (14)
comment:1 Changed 6 years ago by whiskybar
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Summary changed from Admin actiion 'Delete selected' check only global model delete permission to Admin action 'Delete selected' check only global model delete permission
comment:10 Changed 4 years ago by cyrus
- Easy pickings unset
- Owner changed from nobody to cyrus
- Status changed from new to assigned
- UI/UX unset