Opened 10 years ago
Closed 8 years ago
#21734 closed Bug (fixed)
admin's delete_selected action doesn't catch ProtectedError
| Reported by: | Owned by: | Akshesh Doshi | |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Sander Steffann | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When deleting objects through the admin interface ProtectedError exceptions aren't handled. This patch catches such exceptions and displays an error message instead.
Attachments (2)
Change History (16)
by , 10 years ago
| Attachment: | django-admin-protectederror.patch added |
|---|
comment:1 by , 10 years ago
| Cc: | added |
|---|
follow-up: 4 comment:2 by , 10 years ago
| Easy pickings: | unset |
|---|---|
| Needs tests: | set |
Is this error present on 1.6 and/or master? Is the issue different from #19838? A regression test will be required in order to commit the fix.
comment:3 by , 10 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
Tentatively accepting pending an answer to the above question.
comment:4 by , 10 years ago
comment:5 by , 10 years ago
It does not appear to the be the same as #19838; this ticket looks like it's for "delete all selected" dropdown from the top of the page.
The good thing is, there does appear to be some protection in place already. You have to go through an intermediate page to confirm, and if a protected (nested) object is detected, then the button to confirm deletion is simply not there, so you normally can't do a delete.
You can still trigger the ProtectedError by skipping the intermediate page, that might be what happened here. The other possibility is that the check for protected via get_deleted_objects is missing something (but without more information that'll be harder to track down)
comment:7 by , 10 years ago
| Resolution: | → needsinfo |
|---|---|
| Status: | new → closed |
Closing as needsinfo absent additional details from the reporter.
comment:8 by , 8 years ago
| Needs tests: | unset |
|---|---|
| Patch needs improvement: | set |
| Summary: | Admin doesn't catch ProtectedError → admin's delete_selected action doesn't catch ProtectedError |
You can create a crash by posting data and bypassing the confirmation page. Seems low priority given the admin is for "trusted users" but wouldn't hurt to fix. See #26235 for the same issue for the regular delete view.
by , 8 years ago
| Attachment: | 21734-test.diff added |
|---|
comment:9 by , 8 years ago
| Resolution: | needsinfo |
|---|---|
| Status: | closed → new |
comment:10 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:11 by , 8 years ago
| Patch needs improvement: | unset |
|---|
comment:12 by , 8 years ago
| Patch needs improvement: | set |
|---|
Left comments for improvement on the pull request.
comment:13 by , 8 years ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Patch to show error message in admin on ProtectedError