id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 13539 The delete confirmation page does not check for object-level permissions when building the related list Ion Scerbatiuc "I implemented a custom authentication backend for providing object level permissions. It's all working fine, except the delete confirmation page for a particular object. I found that when building the related objects list for the confirmation page, the permissions are checked only for the model itself and not the object being processed.[[BR]] In django/contrib/admin/util.py at the 77th line you can see this check: {{{ if not user.has_perm(p): }}} which should be: {{{ if not user.has_perm(p, obj): }}} I'm attaching a patch for this. I hope that this fix will be included in the 1.2 final release. [[BR]] Thanks!" Bug new contrib.admin 1.8 Normal delete object-level permissions slav0nic@… Sarah Boyce Accepted 1 0 1 1 0 0