Code

Opened 3 years ago

Closed 3 years ago

#15503 closed (invalid)

Admin readonly_fields should have a hidden field

Reported by: dahool Owned by: nobody
Component: contrib.admin Version: 1.2
Severity: Keywords: readonly_fields
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I customized the UserAdmin form setting readonly_fields = ('username',) but on submit the field is still being validated and failing as there is no value for username.
readonly_fields should also generate a hidden field with the current value to use on validation, or disable validation on this fields.

Attachments (0)

Change History (3)

comment:1 Changed 3 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

A readonly field really shouldn't have a hidden field. If it did, it wouldn't be a readonly field, because it would be possible for end users to create a POST request that would modify the value.

As for any other problems -- you haven't provided enough detail for anyone else to reproduce the problem you've described. I set up a custom ModelAdmin for User with username as a readonly field, and didn't see any behavior that surprised me.

If you think there is a validation problem here, feel free to reopen -- but with enough detail that would allow someone else to replicate the problem you are seeing.

comment:2 Changed 3 years ago by dahool

  • Resolution invalid deleted
  • Status changed from closed to reopened

How to reproduce:

admin.py


from django.contrib.auth.admin import UserAdmin

admin.site.unregister(User)

class UserAdminForm(UserAdmin):

readonly_fields = ('username',)


admin.site.register(User, UserAdminForm)


Try to edit any user I you'll get a message like Please correct the error below.

See http://i54.tinypic.com/2m7gac9.png

If having a hidden field is not an option, then this fields shouldn't be validated.

comment:3 Changed 3 years ago by russellm

  • Resolution set to invalid
  • Status changed from reopened to closed

Django is doing exactly what you're asking it to do. You've subclassed UserAdmin, which specifically installs custom forms to ensure the user object is correctly validated. When you then remove username from the available data, the custom form fails validation.

If you subclass admin.ModelAdmin instead of UserAdmin, you won't see this problem, because the auto-generated form *will* obey the readonly_fields clause.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.