I think there are a number of open tickets related to this. See https://code.djangoproject.com/ticket/23869 and the first comment that links to related issues. Feel free to offer a patch if you are able.
On Friday, October 30, 2015 at 3:04:21 PM UTC-4, Szymon Pyżalski wrote: > > Hello! > > According to the documentation, the behaviour of has_delete_permission > should look like this: > > If obj is None, should return True or False to indicate whether deleting > objects of this type is permitted in general (e.g., False will be > interpreted as meaning that the current user is not permitted to delete > any object of this type). > > I was amazed therefore when I saw that when this method returns True for > object=None, the *any bulk delete is possible*. This leads to a very > nonintuitive situation, where it is impossible to delete an object > directly, but it is possible to include it in a bulk to delete. Is it > the desired behaviour? Is it possible to check permissions for all > objects in bulk? If no, there should be a big fat warning about it in > the documentation. > > Greetings > Szymon > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1184f95b-8931-4d58-a108-fbe2d6b384f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
