#25656: Recent Actions admin section contains link to edit form even when user
does
not have edit permission
-------------------------------+--------------------
Reporter: bak1an | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Steps to reproduce:
- Login to admin with user that has add-only permission to certain model
- Create an instance of this model
- See that there is new logline within "Recent Actions" which contains
link to edit form and results in 403 Forbidden.
This is something similar to what has been spotted by Tim Graham during
https://github.com/django/django/pull/5244 review so perhaps it will be
handy to fix it after PR 5244 is merged so one can extend
{{{test_no_forbidden_links_visible}}} test with checks for this ticket.
--
Ticket URL: <https://code.djangoproject.com/ticket/25656>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/049.1db3bb697dfcda5a86b0032cf5765ef2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
