#7179 closed (fixed)
[newforms-admin] - Standard 403 error page on breadcrumb if no 'change' permission
Reported by: | Alen Ribic | Owned by: | Alen Ribic |
---|---|---|---|
Component: | contrib.admin | Version: | newforms-admin |
Severity: | Keywords: | nfa-someday | |
Cc: | alen.ribic@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
If permission is restricted to only allow 'user' or 'group' to 'add' model, then breadcrumb raises a 403 error if clicked on from the add view form.
=================================================== <a>Home</a> > <a>ModelToChange</a> > Add Add ===================================================
Middle one shouldn't be a link if there is no 'change' permission.
Attachments (1)
Change History (9)
comment:1 by , 17 years ago
Summary: | [newforms-admin] - 403 HTTP error on breadcrumb if no 'change' permission → [newforms-admin] - Standard 403 error page on breadcrumb if no 'change' permission |
---|
by , 17 years ago
Attachment: | 00perms_change_form_html.diff added |
---|
comment:2 by , 16 years ago
Keywords: | nfa-someday added |
---|
Trunk has the same behavior, this should not block merge.
comment:3 by , 16 years ago
Description: | modified (diff) |
---|
comment:4 by , 16 years ago
Triage Stage: | Unreviewed → Ready for checkin |
---|
comment:5 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [9276]) Fixed #7179 -- Changed breadcrumbs on the add page so that a link to the change view is not included when the user doesn't have permission for that view. Also added tests to ensure the link is not there when it shouldn't be, and there when it should be. Thanks for the report & patch alenribic.
comment:6 by , 16 years ago
(In [9277]) [1.0.X] Fixed #7179 -- Changed breadcrumbs on the add page so that a link to the change view is not included when the user doesn't have permission for that view. Also added tests to ensure the link is not there when it shouldn't be, and there when it should be. Thanks for the report & patch alenribic.
comment:7 by , 16 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:8 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
To clarify the above "Description":
If permission is restricted to only allow 'user' or 'group' to 'add' model, then breadcrumb takes the user to a 403 page if middle link is clicked (link to the change / list models page) from the 'add' model form.
Example:
This escapes the admin interface screen and brings up the standard 403 Permission Denied page.
Middle link, "Cities", shouldn't be a link if there is no 'change' permission.
How breadcrumb should be in this scenario:
Home > <should-NOT-be-link>Cities<should-NOT-be-link> > <should-be-link>Add City</should-be-link>