id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23869	Make ModelAdmin.get_deleted_objects() use ModelAdmin.has_delete_permission() for permissions checking	Andrea Angelini	milkomeda	"Considering `get_deleted_objects` in `django.contrib.admin.utils`, it checks for deleting permission using `user.has_perm(p)`, bypassing the `ModelAdmin` method `has_delete_permission` assigned to the class for the `Model` to be deleted.

https://github.com/django/django/blob/stable/1.7.x/django/contrib/admin/utils.py#L141

Therefore, even in a senario where

{{{
    def has_delete_permission(self, request, obj=None):
        return True
}}}

the user is not able to delete the object, if he doesn't have the permission explicitly assigned for the class by an auth backend.

A tentative idea would be to replace

`if not user.has_perm(p):`

with

`if admin_site._registry[obj.__class__].has_delete_permission(request, obj)`

There are though two problems:
 - `request` is not defined
 - what about `ForeignKey` objects that ought to be deleted but they exist in the admin panel only as `Inlines`? That is, they don't have their own `ModelAdmin` class assigned.
"	Bug	closed	contrib.admin	dev	Normal	fixed		cmawebsite@…	Ready for checkin	1	0	0	0	0	0