Hi,
I just ran into a peculiar behavior of Django's admin interface:
if a user has a delete permission for some model, but no change
permission, how can he delete an object when he is not allowed on the
object listing ??

I have a page with a discussion in it and I don't want people to
change other people's comments, but there definitely is a need for
some form of censorship (spam, rude comments etc).

The behavior appear to be the same in newforms-admin ( at least its
what I gathered from:
options.py:
280         if self.has_change_permission(request, None):
281             # redirect to list view
282             post_url = '../'
283         else:
284             # Object list will give 'Permission Denied', so go
back to admin home
285             post_url = '../../../'
)...

Is this how it should be? I could put together a patch (for stable and
newforms branch) if this is not the desired state of things.

Thanks for any comments

-- 
Honza Král
E-Mail: [EMAIL PROTECTED]
ICQ#:   107471613
Phone:  +420 606 678585

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to