Code

Opened 3 months ago

Closed 5 weeks ago

#21734 closed Bug (needsinfo)

Admin doesn't catch ProtectedError

Reported by: sander@… Owned by: nobody
Component: contrib.admin Version: master
Severity: Normal Keywords:
Cc: steffann Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When deleting objects through the admin interface ProtectedError exceptions aren't handled. This patch catches such exceptions and displays an error message instead.

Attachments (1)

django-admin-protectederror.patch (1.5 KB) - added by sander@… 3 months ago.
Patch to show error message in admin on ProtectedError

Download all attachments as: .zip

Change History (8)

Changed 3 months ago by sander@…

Patch to show error message in admin on ProtectedError

comment:1 Changed 3 months ago by steffann

  • Cc steffann added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 follow-up: Changed 3 months ago by timo

  • Easy pickings unset
  • Needs tests set

Is this error present on 1.6 and/or master? Is the issue different from #19838? A regression test will be required in order to commit the fix.

comment:3 Changed 3 months ago by timo

  • Triage Stage changed from Unreviewed to Accepted

Tentatively accepting pending an answer to the above question.

comment:4 in reply to: ↑ 2 Changed 7 weeks ago by anubhav9042

Replying to timo:

Is this error present on 1.6 and/or master? Is the issue different from #19838? A regression test will be required in order to commit the fix.

I can't see ProtectedError being handled anywhere in actions.py in master.

comment:5 Changed 6 weeks ago by afuna

It does not appear to the be the same as #19838; this ticket looks like it's for "delete all selected" dropdown from the top of the page.

The good thing is, there does appear to be some protection in place already. You have to go through an intermediate page to confirm, and if a protected (nested) object is detected, then the button to confirm deletion is simply not there, so you normally can't do a delete.

You can still trigger the ProtectedError by skipping the intermediate page, that might be what happened here. The other possibility is that the check for protected via get_deleted_objects is missing something (but without more information that'll be harder to track down)

comment:6 Changed 6 weeks ago by anubhav9042

As far as I know that intermediate page has nothing to do here.

comment:7 Changed 5 weeks ago by timo

  • Resolution set to needsinfo
  • Status changed from new to closed

Closing as needsinfo absent additional details from the reporter.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.