Opened 8 years ago

Closed 8 years ago

#26235 closed Bug (fixed)

POST to delete protected fk relationship raises ProtectedError

Reported by: Zelvuska Owned by: Akshesh Doshi
Component: contrib.admin Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: yes UI/UX: no

Description

If model instance is not deletable in admin due to PROTECTED option in related model, doing a POST to delete this instance raises ProtectedError.

Attachments (1)

26235.diff (875 bytes ) - added by Tim Graham 8 years ago.

Download all attachments as: .zip

Change History (13)

in reply to:  description ; comment:1 by Fyodor Ananiev, 8 years ago

Replying to Zelvuska:
I understand that it is an expected behaviour. models.PROTECT prohibits deletion of an object in general, and POST is one of these ways.

in reply to:  1 comment:2 by Zelvuska, 8 years ago

Replying to tedmx:
Yes, I understand that and I agree. But I would expect that this ProtectedError would be caught and handled in the admin. But doing POST instead causes ServerError which is probably not expected.

comment:3 by Tim Graham, 8 years ago

Is this the actions "delete selected" page as described in #21734? Did you skip the intermediate page that checks for protected items?

comment:4 by Zelvuska, 8 years ago

Yes, it seems that #21734 might be related. We have stumbled upon this while writing tests for our application.

But you can trigger this when you just submit the intermediate page that states that you cannot delete protected item.

comment:5 by Tim Graham, 8 years ago

The "delete" button shouldn't appear on the intermediate page, no?

comment:6 by Tim Graham, 8 years ago

Triage Stage: UnreviewedAccepted

I guess we could try to prevent the issue in case the intermediate page is bypassed. Test attached.

by Tim Graham, 8 years ago

Attachment: 26235.diff added

comment:7 by Fyodor Ananiev, 8 years ago

Zelvuska and Tim, thank you a lot for more insight. What should be a good response for POST request like that? Intermediate page, like in test_protected from the same test case?

Last edited 8 years ago by Fyodor Ananiev (previous) (diff)

comment:8 by Akshesh Doshi, 8 years ago

Owner: changed from nobody to Akshesh Doshi
Status: newassigned

tedmx
I think an error message stating that protected objects cannot be deleted should be fine.

comment:9 by Zelvuska, 8 years ago

tedmx
I think that the intermediate page is perfect. So in case someone tries to bypass it, just display it again.

comment:11 by Tim Graham, 8 years ago

Patch needs improvement: set

comment:12 by Tim Graham <timograham@…>, 8 years ago

Resolution: fixed
Status: assignedclosed

In 49ac10b:

Fixed #26235 -- Handled ProtectedError in a POST to admin's delete_view().

Note: See TracTickets for help on using tickets.
Back to Top