#8060: Admin Inlines do not respect user permissions
-------------------------------------+-------------------------------------
               Reporter:             |          Owner:  sjaensch
  p.patruno@…                        |         Status:  assigned
                   Type:  Bug        |      Component:  contrib.admin
              Milestone:             |       Severity:  Normal
                Version:  SVN        |       Keywords:  inlines User
             Resolution:             |  authentication
           Triage Stage:  Accepted   |      Has patch:  1
    Needs documentation:  0          |    Needs tests:  1
Patch needs improvement:  1          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
Changes (by carljm):

 * needs_better_patch:  0 => 1
 * has_patch:  0 => 1
 * needs_tests:  0 => 1


Comment:

 Thanks for your work on this patch! Looked at it briefly, and the general
 approach looks right.

 I'm curious why you concluded that "we can't make sure the user can only
 edit existing inlines or only add new ones but not edit existing." It
 seems to me that formsets _ought_ to provide what we need to make edit-
 only work, via the max-num setting; and that there might-should be a way
 to make add-only work too (you don't see any of the existing ones but you
 can add new ones), though it might require some modifications in the
 formsets code.

 I'm willing to consider falling back to the over-conservative approach in
 the current patch if someone looks into it carefully and concludes that it
 really is prohibitively complex to try to do it right - but I think we
 should at least check out what that would entail.

 The patch will also definitely need tests.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:16>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to