#29120: Document that the admin autocomplete requires the change permission of
the
related model
-------------------------------------+-------------------------------------
Reporter: Rodrigo Pinheiro | Owner: Johannes
Marques de Araújo | Hoppe
Type: Bug | Status: assigned
Component: contrib.admin | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Johannes Hoppe):
* owner: nobody => Johannes Hoppe
* status: new => assigned
* component: Documentation => contrib.admin
* type: Cleanup/optimization => Bug
Comment:
Hi,
this isn't expected behavior bug a if not a security issue. It should
check the if user has access to the change admin of the origin model, not
the related one. I think this was introduced with a commit from Florian,
when he simplified the code.
I have an idea on how to fix this. I will work on a fix asap.
Best
-Joe
--
Ticket URL: <https://code.djangoproject.com/ticket/29120#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.42ee0c81a26be77b8432e0bb8e0ea564%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
