Code

Opened 4 years ago

Closed 4 years ago

#13576 closed (duplicate)

Found a bug of checking permission rules in django.contrib.admin.actions.delete_selected

Reported by: pelid80@… Owned by: nobody
Component: contrib.admin Version: 1.2
Severity: Keywords: permissions actions
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

In case of custom ModelAdmin.has_delete_permission method implementation we can use "obj=None" argument to make decision. But django.contrib.admin.actions.delete_selected method by some reason does not check permission rules for each of its queryset object.

Simple patch is added to this ticket.

Attachments (1)

django_contrib_admin_actions-fix-perms-check-bug.diff (662 bytes) - added by pelid80@… 4 years ago.

Download all attachments as: .zip

Change History (2)

comment:1 Changed 4 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Looks like a duplicate of #13539; the fix proposed there looks like a better approach to me.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.