Opened 13 years ago
Closed 9 years ago
#16862 closed Bug (duplicate)
Admin delete-cascade check doesn't support per-object permissions
Reported by: | Kidwind | Owned by: | |
---|---|---|---|
Component: | contrib.admin | Version: | dev |
Severity: | Normal | Keywords: | permission |
Cc: | kmike84@…, slav0nic0@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
I'm overriding ModelAdmin for my object permission Backend like this:

```python
def has_delete_permission(self, request, obj=None):
    opts = self.opts
    # pass the obj parameter through to the permission check
    return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission(), obj)
```
But when I delete the obj, I get "Deleting the article 'test' would result in deleting related objects, but your account doesn't have permission to delete the following types of objects: article".
Why? I tried to find the root of the problem.
In django.contrib.admin.utils.get_deleted_objects, it doesn't pass "obj" to detect the permission for related deleted obj.
Django did not provide extension points, I can only change the Django source code.
When I try to implement object permissions for django admin, what is the best solution? Thank you.
Attachments (4)
Change History (11)
by , 13 years ago
Attachment: | django.contrib.admin.util.py.diff added |
---|
comment:1 by , 13 years ago
Description: | modified (diff) |
---|---|
Has patch: | set |
Needs tests: | set |
Summary: | I'm try to implement object permission on django admin. → Admin delete-cascade check doesn't support per-object permissions |
Triage Stage: | Unreviewed → Accepted |
comment:2 by , 13 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
by , 13 years ago
Attachment: | django-16862.2.2.diff added |
---|
added tests, but change breaks other tests
by , 13 years ago
Attachment: | django-16862.3.diff added |
---|
improved tests a bit, but proposed change (passing object to permission check) still breaks admin_views.AdminViewPermissionsTest
comment:3 by , 13 years ago
Needs tests: | unset |
---|---|
Owner: | removed |
Patch needs improvement: | set |
Status: | assigned → new |
comment:4 by , 13 years ago
Cc: | added |
---|
comment:5 by , 13 years ago
Similar ticket: https://code.djangoproject.com/ticket/13539
comment:6 by , 12 years ago
Cc: | added |
---|
Yes, get_deleted_objects should pass on the specific object in that permission check. Thanks for the report!
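The behaviour reported in this ticket, as an added example that is not part of the ticket or of Django's code: a simplified model of a delete-cascade permission check run with and without the object passed to the backend. The backend class, the `news` app label, the user name and the sample objects are all assumptions constructed for illustration.

```python
# Simplified model of the check described in the ticket; not Django's code.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    model: str  # model name, e.g. "article"
    pk: int


@dataclass
class ObjectPermissionBackend:
    """Hypothetical backend: grants are stored per (username, perm, object)."""
    grants: set = field(default_factory=set)

    def has_perm(self, username, perm, obj=None):
        if obj is None:
            return False  # this backend holds no model-wide grants
        return (username, perm, obj) in self.grants


def perms_needed(backend, username, to_delete, pass_obj):
    """Return the model names the user may not delete in this cascade."""
    missing = set()
    for obj in to_delete:
        perm = f"news.delete_{obj.model}"  # "news" is an assumed app label
        target = obj if pass_obj else None  # None mirrors the reported check
        if not backend.has_perm(username, perm, target):
            missing.add(obj.model)
    return missing


# Constructed sample data: alice may delete one article and one of two comments.
ARTICLE = Obj("article", 1)
OWN_COMMENT = Obj("comment", 10)
OTHER_COMMENT = Obj("comment", 11)
BACKEND = ObjectPermissionBackend({
    ("alice", "news.delete_article", ARTICLE),
    ("alice", "news.delete_comment", OWN_COMMENT),
})

if __name__ == "__main__":
    cascade = [ARTICLE, OWN_COMMENT]
    # Without obj, every type is reported as forbidden despite the grants.
    print(perms_needed(BACKEND, "alice", cascade, pass_obj=False))
    # With obj, the per-object grants are honoured.
    print(perms_needed(BACKEND, "alice", cascade, pass_obj=True))
    # An object without a grant still blocks the cascade.
    print(perms_needed(BACKEND, "alice", cascade + [OTHER_COMMENT], pass_obj=True))
```

The third call shows that passing the object does not widen access: a related object the user holds no grant for still appears in the list of types that block the delete.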