Broken Admin Delete Action With Confirmation

[leveille]

After updating to head this morning I noticed that I was unable to delete items in the administrator via the delete dropdown action (and confirmation). I was able to track the issue back to [12525]. Specifically, the introduced check looks for 'index', which will not be present when coming from the delete confirmation page:

pprint of request.POST in response_action after clicking GO

<QueryDict: {u'action': [u'delete_selected'], u'select_across': [u'0'], u'csrfmiddlewaretoken': [u'9e1ca9bc4deb4f7750b1ade512afdf8d'], u'_selected_action': [u'12'], u'index': [u'0']}>

pprint of request.POST in response_action after confirming I want to delete the record

<QueryDict: {u'action': [u'delete_selected'], u'_selected_action': [u'12'], u'csrfmiddlewaretoken': [u'9e1ca9bc4deb4f7750b1ade512afdf8d'], u'post': [u'yes']}>

To be sure my code wasn't introducing any issues, I testing with a fresh django project/app and the bug was still present.

[Karen Tracey]

#12973 reported this again and has a patch.

[Preston Holmes]

Moving my patch from #12973 to the open ticket for this issue

[skevy]

I've done a bit more research into this ticket.

The patch does indeed work, and all currently written tests (including those written in changeset 12525) pass correctly.

However, what I found interesting was that in the admin_view test suite, in the following test:

def test_model_admin_default_delete_action(self):
        "Tests the default delete action defined as a ModelAdmin method"
        action_data = {
            ACTION_CHECKBOX_NAME: [1, 2],
            'action' : 'delete_selected',
            'index': 0,
        }
        delete_confirmation_data = {
            ACTION_CHECKBOX_NAME: [1, 2],
            'action' : 'delete_selected',
            'index': 0,
            'post': 'yes',
        }
        confirmation = self.client.post('/test_admin/admin/admin_views/subscriber/', action_data)
        self.assertContains(confirmation, "Are you sure you want to delete the selected subscriber objects")
        self.failUnless(confirmation.content.count(ACTION_CHECKBOX_NAME) == 2)
        response = self.client.post('/test_admin/admin/admin_views/subscriber/', delete_confirmation_data)
        self.failUnlessEqual(Subscriber.objects.count(), 0)

Notice that it sets 'index' equal to 0 in delete_confirmation_data. This is not what happens for real. In fact, when you confirm you want to delete objects, 'index' is never set in the post data. The fact that 'index' is set to 0 in this test is what caused this test to pass way back when 12525 actually happened.

So, I don't know if index SHOULD be set in the post data when the objects are actually deleted, or if the test is incorrect. Some more info on how to proceed from someone who knows WAY more about this code than me would be awesome :-)

Thanks,
-Adam

[Paul Smith]

With the patch applied, deleting is working. However, we still have a few issues:

1. If you hit 'Go' while an action is selected and no list_editable changes are made, the action is applied but no, "# items have changed" message is sent.
2. If you hit 'Go' while an action is selected, and list_editable changes have been made, both changes are applied (not what we want)
3. If you hit the list_editable save button with items selected and an action chosen, you get the, "No action selected" message.

I'm working on an additional patch.

[skevy]

@blinkylights

does this patch cause this error? or was the error already there before the patch is applied?

[Paul Smith]

@skevy

Oh, no... there was definitely a problem before the patch. The patch makes how we're differentiating between action POSTs and list_editable POSTs more explicit (and it works). In doing so, it also reveals why we actually need to be even more explicit to cover cases where users might intend to launch an action, but do a list_editable submit, or vice-versa. So no: the patch is fine, it just needs to do a little more.

Think I have something that works, but you're absolutely right - we need to get some up-to-date tests written so this doesn't come back up.

[aaloy]

I can also reproduce the bug. It affects any model, even the most basic ones (User).

[Mark Lavin]

Removing 'index' from delete_confirmation_data in test_model_admin_default_delete_action fails on the current revision [12812] and passes with the patch. I started a blank project which included the admin. I created a new user and then selected it to be deleted with the admin action. Inspecting what is actually posted in each step in Firebug I see:

_selected_action:	2
action:	delete_selected
csrfmiddlewaretoken:	ec77fa407235521666739722702efee1
index:	0
select_across:	0

followed by the confirmation:

_selected_action:	2
action:	delete_selected
csrfmiddlewaretoken:	ec77fa407235521666739722702efee1
post:	yes

I think this confirms that 'index' is not included in the confirmation post and should be removed from test_model_admin_default_delete_action.

[Mark Lavin]

ptone's patch with updated test

[Karen Tracey]

(In [12813]) Fixed #12962: Made admin delete action work again. Thanks ptone, skevy, mlavin and anyone else I've missed.

[Karen Tracey]

(In [12815]) [1.1.X] Fixed #12707. Admin action messages are no longer displayed when submitting list_editable content. Thanks, copelco.

and

Fixed #12962: Made admin delete action work again. Thanks ptone, skevy, mlavin and anyone else I've missed.

r12525 and r12813 from trunk, together to avoid the regression introduced by r12525 alone.

[Paul Smith]

I have another patch that covers cases where the user might change list_editable elements and hit the action 'Go' button, or select an action to execute and hit 'Save' (which will be there for 'list_editable' fields). In our current state BOTH interactions are handled in the same form, and both sets of changes get handled - an ambiguous and confusing situation that this patch fixes.

[Paul Smith]

Ambiguous form actions

[Paul Smith]

Closing this ticket and opening #13166 to handle action/list_editable ambiguity.

[Jacob]

Milestone 1.2 deleted