Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#29930 closed Bug (fixed)

View only permissions on stacked inline result in error

Reported by: Andre Lesa
Owned by: Carlton Gibson
Component: contrib.admin
Version: 2.1
Severity: Release blocker
Keywords: inlines, view only
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

We have an inline on a particular form and we have assigned view only permissions to certain users. When such users try to save the entire form, it results in a cryptic "Please correct the errors below." message.

So far we have been unable to resolve this. The only solution seems to be the addition of "change" permissions.

Attachments (1)

29930.diff (3.6 KB) - added by Tim Graham 5 years ago.

Change History (13)

comment:1 by Tim Graham, 5 years ago

Please provide a sample project that reproduces the problem.

comment:2 by Tim Graham, 5 years ago

Severity: Normal → Release blocker
Triage Stage: Unreviewed → Accepted

I can reproduce using the tutorial. With the change permission to question and view permission to choice, try to edit a question.

by Tim Graham, 5 years ago

Attachment: 29930.diff added

comment:3 by Tim Graham, 5 years ago

I started on a patch but this solution doesn't work because the has_<foo>_permission calls don't exist at the point where they're added. I think the checks need to go in get_inline_formsets() but given the method's arguments and the fact that we can't easily change the signature due to backwards compatibility, I couldn't think of a way to know whether or not the formset should be omitted. request.method == 'POST' might work. I'll probably continue this next week if no one picks it up.

comment:4 by Matija Kolarić, 5 years ago

Also, likely related to this, if the view has save_as, and there is an error, then, although the user has only view permission for the inline mode, the formset is shown as if the user had add permission, though nothing happens with the entered data. Maybe this requires a new ticket?

comment:5 by Tim Graham, 5 years ago

Yes, I imagine the fix for that probably requires something else.

comment:6 by Carlton Gibson, 5 years ago

Owner: changed from nobody to Carlton Gibson
Status: new → assigned

comment:7 by Carlton Gibson, 5 years ago

Has patch: set

comment:8 by Carlton Gibson, 5 years ago

Needs tests: set
Patch needs improvement: set

comment:9 by Carlton Gibson, 5 years ago

Needs tests: unset
Patch needs improvement: unset

comment:10 by Carlton Gibson, 5 years ago

Triage Stage: Accepted → Ready for checkin

This one is ready to go. Thanks to Tim & Simon for review.

comment:11 by GitHub <noreply@…>, 5 years ago

Resolution: fixed
Status: assigned → closed

In 8245c99e:

Fixed #29930 -- Allowed editing in admin with view-only inlines.

Co-authored-by: Tim Graham <timograham@…>

comment:12 by Carlton Gibson <carlton.gibson@…>, 5 years ago

In 27f5b0af:

[2.1.x] Fixed #29930 -- Allowed editing in admin with view-only inlines.

Co-authored-by: Tim Graham <timograham@…>
Backport of 8245c99ee6032c2748ba46583d8cab15b2f9438e from master
