Unsecured fields in ModelAdmin
|Reported by:||Dusan Maliarik||Owned by:||nobody|
|Cc:||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When I specify only certain fields to be displayed in ModelAdmin, using 'fields' tuple, I expect these fields to not only disappear from a form, but also to be secured from any changes. Currently when I inject additional fields (not specified in 'fields') using JS or any other method, and submitting form, these fields gets update in a Model.
Not sure whether it's an intention to allow this, but if so, it's quite non-intuitive, because one would expect that these fields cannot be modified.
Change History (4)
comment:2 Changed 7 years ago by
|Status:||closed → reopened|
|Triage Stage:||Unreviewed → Design decision needed|