Problems with BaseInlineFormSet.validate_max
|Reported by:||Michael Angeletti||Owned by:||nobody|
|Cc:||Michael Angeletti||Triage Stage:||Unreviewed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I've noticed a couple problems with the validation of
BaseInlineFormSet.max_num (when using the new
BaseInlineFormSet.validate_max feature. The first one is way more important, but the second one is a nuisances as well. Both can be reproduced with a normal inline formset. I am using master @
1) User can click back in their browser and exceed
max_num after maxing out a formset and submitting the form.
If I click "submit" on a form that has a
max_num of 1, then hit back and repopulate the same form again, clicking "submit" again, another record will be created, and this is boundless. I can take a formset with
max_num set to 1 and create 500 records. I would venture to guess that you could even exceed the hard stop of 1000 by doing this.
2) Attempting to delete existing records when
max_num is already exceeded results in a validation error, even when not adding or editing records.
validate_max is in effect, but
max_num has already been exceeded (i.e., if I turn down
max_num after users create objects) Django doesn't allow the user to even delete the existing records, meaning there is no way to remedy the situation. (see http://cl.ly/image/1k1Z1j2L2J3f - I merely checked the "delete" checkbox without adding any new "uploads" or editing the existing ones)