Hi, I just ran into a peculiar behavior of Django's admin interface: if a user has a delete permission for some model, but no change permission, how can he delete an object when he is not allowed on the object listing ??
I have a page with a discussion in it and I don't want people to change other people's comments, but there definitely is a need for some form of censorship (spam, rude comments etc). The behavior appear to be the same in newforms-admin ( at least its what I gathered from: options.py: 280 if self.has_change_permission(request, None): 281 # redirect to list view 282 post_url = '../' 283 else: 284 # Object list will give 'Permission Denied', so go back to admin home 285 post_url = '../../../' )... Is this how it should be? I could put together a patch (for stable and newforms branch) if this is not the desired state of things. Thanks for any comments -- Honza Král E-Mail: [EMAIL PROTECTED] ICQ#: 107471613 Phone: +420 606 678585 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
