Opened 2 years ago

Closed 2 years ago

#21063 closed Cleanup/optimization (fixed)

AdminSite app_index does work it doesn't need to

Reported by: Keryn Knight <django@…> Owned by: nobody
Component: contrib.admin Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

If a user doesn't have permissions to a module (as defined by it's app label), the way the app_index works, it will still go through the motions of iterating the modeladmin registry and checking permissions it knows cannot be true, as far as I can see. Having done all that, if the app_dict is empty [and it should be], it throws a 404, whereas the ModelAdmin views themselves tend to raise PermissionDenied. The fix is pretty simple, and actually simplifies the view, if you believe shallow trumps deep.

Marking as has patch on the basis on an incoming GitHub pull request.

Change History (2)

comment:1 Changed 2 years ago by Keryn Knight <django@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Pull request is here, tests pass locally based on the following command:

PYTHONPATH=..:$PYTHONPATH python ./runtests.py --settings=test_sqlite admin_views.tests.AdminViewPermissionsTest

comment:2 Changed 2 years ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 0d74f9553c6acb8b53a502ca5e39542dcc4412c1:

Fixed #21063 -- AdminSite app_index should be fail early if the user has no permissions.

Note: See TracTickets for help on using tickets.
Back to Top