Opened 9 years ago

Closed 9 years ago

#15503 closed (invalid)

Admin readonly_fields should have a hidden field

Reported by: Gabriel Owned by: nobody
Component: contrib.admin Version: 1.2
Severity: Keywords: readonly_fields
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


I customized the UserAdmin form setting readonly_fields = ('username',) but on submit the field is still being validated and failing as there is no value for username.
readonly_fields should also generate a hidden field with the current value to use on validation, or disable validation on this fields.

Change History (3)

comment:1 Changed 9 years ago by Russell Keith-Magee

Resolution: invalid
Status: newclosed

A readonly field really shouldn't have a hidden field. If it did, it wouldn't be a readonly field, because it would be possible for end users to create a POST request that would modify the value.

As for any other problems -- you haven't provided enough detail for anyone else to reproduce the problem you've described. I set up a custom ModelAdmin for User with username as a readonly field, and didn't see any behavior that surprised me.

If you think there is a validation problem here, feel free to reopen -- but with enough detail that would allow someone else to replicate the problem you are seeing.

comment:2 Changed 9 years ago by Gabriel

Resolution: invalid
Status: closedreopened

How to reproduce:

from django.contrib.auth.admin import UserAdmin

class UserAdminForm(UserAdmin):

readonly_fields = ('username',), UserAdminForm)

Try to edit any user I you'll get a message like Please correct the error below.


If having a hidden field is not an option, then this fields shouldn't be validated.

comment:3 Changed 9 years ago by Russell Keith-Magee

Resolution: invalid
Status: reopenedclosed

Django is doing exactly what you're asking it to do. You've subclassed UserAdmin, which specifically installs custom forms to ensure the user object is correctly validated. When you then remove username from the available data, the custom form fails validation.

If you subclass admin.ModelAdmin instead of UserAdmin, you won't see this problem, because the auto-generated form *will* obey the readonly_fields clause.

Note: See TracTickets for help on using tickets.
Back to Top