#8060: Admin Inlines do not respect user permissions
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 1
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by carljm):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* needs_tests: 0 => 1
Comment:
Thanks for your work on this patch! Looked at it briefly, and the general
approach looks right.
I'm curious why you concluded that "we can't make sure the user can only
edit existing inlines or only add new ones but not edit existing." It
seems to me that formsets _ought_ to provide what we need to make edit-
only work, via the max-num setting; and that there might-should be a way
to make add-only work too (you don't see any of the existing ones but you
can add new ones), though it might require some modifications in the
formsets code.
I'm willing to consider falling back to the over-conservative approach in
the current patch if someone looks into it carefully and concludes that it
really is prohibitively complex to try to do it right - but I think we
should at least check out what that would entail.
The patch will also definitely need tests.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:16>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
