Opened 16 years ago
Closed 16 years ago
#7344 closed (duplicate)
Plus sign still available even if add rights are not granted
| Reported by: | mrtot | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Keywords: | newforms-admin, foreign key, admin | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
When you have a model like this:
class Player #... class PlayerImage player = model.ForeignKey(Player)
And you login with a user that has full rights on PlayerImage but only modify rights on Player he still sees the plus sign next to the drop down list "Player" in the change PlayerImage menu.
Change History (3)
comment:1 by , 16 years ago
| Keywords: | newforms-admin added; plus sign removed |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 16 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
I've confirmed that this is indeed a bug in the oldforms-admin, as will as in newforms-admin.
On clicking on the "plus sign", you get a nice "permission denied" message, so it isn't a security problem. It is more of an aesthetic issue than anything.