Opened 11 years ago

Closed 8 years ago

Last modified 8 years ago

#19536 closed Cleanup/optimization (fixed)

in ModelAdmin disabling has_add_permission results in not showing any object-tools

Reported by: a.fazeli@… Owned by: Igor Támara
Component: contrib.admin Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

in change_list.html when has_add_permission is false all the object-tools (buttons) are not shown, even if you have implemented some custom tools. This permission check should only be for the add button item.

I tweaked the code (very small change) that will fix this problem.

My proposal for this matter is attached to this ticket

Attachments (1)

change_list_patch.html (483 bytes ) - added by a.fazeli@… 11 years ago.
patch for ModelAdmin has_add_permission disabling all the object-tools-items

Download all attachments as: .zip

Change History (13)

by a.fazeli@…, 11 years ago

Attachment: change_list_patch.html added

patch for ModelAdmin has_add_permission disabling all the object-tools-items

comment:1 by Claude Paroz, 11 years ago

Needs tests: set
Patch needs improvement: set
Triage Stage: UnreviewedAccepted
Version: 1.4master

Makes sense. Please provide your attachment as patch/diff format.

comment:2 by Ramiro Morales, 11 years ago

The relevant code is:

{% block object-tools %}
  {% if has_add_permission %}
    <ul class="object-tools">
      {% block object-tools-items %}
        <li>
          <a href="{% url cl.opts|admin_urlname:'add' %}{% if is_popup %}?_popup=1{% endif %}" class="addlink">
            {% blocktrans with cl.opts.verbose_name as name %}Add {{ name }}{% endblocktrans %}
          </a>
        </li>
      {% endblock %}
    </ul>
  {% endif %}
{% endblock %}

The extension strategy provided to developers wishing to implement custom tools is to override the whole object-tools block. The modification proposed by the OP would generate an empty UL element if the current user has no add permission for the normal case (no customization of the template). IMHO we need a better solution or simply leave thing as the are. Consider me -1 on the proposal in its current form.

comment:3 by arash77, 11 years ago

How about this solution:

{% block object-tools %}
    <ul class="object-tools">
        <li style="display: none;"></li>
        {% block object-tools-items %}
            {% if has_add_permission %}
            <li>
                <a href="{% url cl.opts|admin_urlname:'add' %}{% if is_popup %}?_popup=1{% endif %}" class="addlink">
                    {% blocktrans with cl.opts.verbose_name as name %}Add {{ name }}{% endblocktrans %}
                </a>
            </li>
            {% endif %}
        {% endblock %}
    </ul>
{% endblock %}

This way an empty UL will not be created. Of-course the first LI can also be configured through relative CSS class.

comment:4 by Igor Támara, 11 years ago

Owner: changed from nobody to Igor Támara
Status: newassigned

comment:5 by Igor Támara, 11 years ago

a pull request has been done from https://github.com/ikks/django/tree/ticket_19536 , added a test to make sure it works as expected.

comment:6 by Tim Graham, 11 years ago

Left some comments on the PR.

comment:7 by Tim Graham, 10 years ago

Easy pickings: unset

comment:9 by Marten Kenbeek, 8 years ago

Needs tests: unset
Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

The patch looks good to me.

comment:10 by Tim Graham, 8 years ago

Patch needs improvement: set
Triage Stage: Ready for checkinAccepted

Left some minor comments.

comment:11 by Tim Graham <timograham@…>, 8 years ago

Resolution: fixed
Status: assignedclosed

In ff19df9:

Fixed #19536 -- Included object-tools when ModelAdmin.has_add_permission() is False.

comment:12 by Tim Graham <timograham@…>, 8 years ago

In e73fb2c:

Refs #19536 -- Tweaked test assertion to avoid collision with CSRF token.

Note: See TracTickets for help on using tickets.
Back to Top