#8060: Admin Inlines do not respect user permissions
-------------------------------------+-------------------------------------
Reporter: p.patruno@…                | Owner: sjaensch
Type: Bug                            | Status: assigned
Milestone:                           | Component: contrib.admin
Version: SVN                         | Severity: Normal
Resolution:                          | Keywords: inlines User authentication
Triage Stage: Accepted               | Has patch: 1
Needs documentation: 0               | Needs tests: 0
Patch needs improvement: 1           | Easy pickings: 0
UI/UX: 0                             |
-------------------------------------+-------------------------------------
Comment (by carljm):
Replying to [comment:23 sjaensch]:
> Agreed. I'm not yet sure if removing a FlatPage-Site relationship is a
> change to the FlatPage or to the Site.

If the user is already on the edit page for the model on this side, they
obviously have change permissions for it. So we're really requiring them
to have change permission for both sides of the relationship in order to
muck with the inlines, which I think is correct. (If they're on the add
page for this side, they might not have change permission - but it's
reasonable that if you have add permission for a model you can create some
initial m2m relationships when you add an instance of that model).

> I'll post a patch later that checks the change permission of the related
> model, let's see how it feels. :)

Sounds good, thanks!
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:24>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
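
The rule discussed in the comment above, modelled in plain Python as an added example (it is not Django's code and not the patch from this ticket): the inline is editable only when the user holds the permission for the page they are on (add or change) on this side and the change permission on the related model. `User`, `can_edit_m2m_inline`, `decision_table` and the sample users are hypothetical names constructed for illustration; only the `<app_label>.<action>_<model>` permission naming follows Django's defaults.

```python
from dataclasses import dataclass

FLATPAGE = ("flatpages", "flatpage")   # this side of the m2m relationship
SITE = ("sites", "site")               # the related model


@dataclass(frozen=True)
class User:
    """Constructed stand-in for a user; perms are Django-style permission strings."""
    name: str
    perms: frozenset

    def has_perm(self, perm_string):
        return perm_string in self.perms


def perm(action, model):
    # Django's default permission naming: "<app_label>.<action>_<model_name>"
    app_label, model_name = model
    return f"{app_label}.{action}_{model_name}"


def can_edit_m2m_inline(user, view, this_side, related):
    """True if `user` may alter this_side<->related rows from the given admin page."""
    if view not in ("add", "change"):
        return False  # unknown page type: fail closed
    # Reaching the add/change page already requires this permission on this side.
    if not user.has_perm(perm(view, this_side)):
        return False
    # Altering the relationship is also treated as a change to the related model.
    return user.has_perm(perm("change", related))


# Constructed sample users (assumptions for this example).
USERS = [
    User("editor", frozenset({"flatpages.change_flatpage"})),
    User("both", frozenset({"flatpages.change_flatpage", "sites.change_site"})),
    User("adder", frozenset({"flatpages.add_flatpage", "sites.change_site"})),
    User("site_only", frozenset({"sites.change_site"})),
]


def decision_table():
    """Map (user name, page) -> whether the FlatPage-Site inline is editable."""
    return {(u.name, v): can_edit_m2m_inline(u, v, FLATPAGE, SITE)
            for u in USERS for v in ("add", "change")}


if __name__ == "__main__":
    for key, allowed in decision_table().items():
        print(key, "editable" if allowed else "read-only")
```
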