#34301 closed Bug (fixed)
"show_save_as_new" in admin can add without this permission
| Reported by: | Equipe de TI da Zara Falcão | Owned by: | Frédéric Mheir |
|---|---|---|---|
| Component: | contrib.admin | Version: | 4.1 |
| Severity: | Normal | Keywords: | save_as |
| Cc: | Carlton Gibson | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
At "django/contrib/admin/templatetags/admin_modify.py" file, line 102, I think you must put one more verification for this tag: "and has_add_permission", because "save_as_new" is a add modification.
I rewrite this for my project:
"show_save_as_new": not is_popup
and has_add_permission # This line that I put!!!
and has_change_permission
and change
and save_as,
Change History (16)
comment:1 by , 15 months ago
| Cc: | added |
|---|---|
| Description: | modified (diff) |
| Triage Stage: | Unreviewed → Accepted |
follow-up: 3 comment:2 by , 15 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 15 months ago
Replying to Neesham:
Yes, because "Save as New" is a save too (current object).
comment:4 by , 15 months ago
| Owner: | changed from to |
|---|
comment:6 by , 15 months ago
| Owner: | changed from to |
|---|
comment:9 by , 15 months ago
| Needs tests: | unset |
|---|
follow-up: 11 comment:10 by , 15 months ago
| Needs tests: | set |
|---|
follow-up: 12 comment:11 by , 15 months ago
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
follow-up: 13 comment:12 by , 15 months ago
Replying to Frédéric Mheir:
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
Yes, exactly.
comment:13 by , 15 months ago
| Needs tests: | unset |
|---|
Replying to Mariusz Felisiak:
Replying to Frédéric Mheir:
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
Yes, exactly.
Thanks! Just pushed the changes to the PR.
comment:14 by , 15 months ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Thanks for the report. It was previously reported in #5650 and #3817, and #3817 was closed but only with a fix for "Save and add another" (see 825f0beda804e48e9197fcf3b0d909f9f548aa47).
Do we need to check both? Checking only
has_add_permissionshould be enough.