I think there are a number of open tickets related to this. See https://code.djangoproject.com/ticket/23869 and the first comment that links to related issues. Feel free to offer a patch if you are able.
On Friday, October 30, 2015 at 3:04:21 PM UTC-4, Szymon Pyżalski wrote: > > Hello! > > According to the documentation, the behaviour of has_delete_permission > should look like this: > > If obj is None, should return True or False to indicate whether deleting > objects of this type is permitted in general (e.g., False will be > interpreted as meaning that the current user is not permitted to delete > any object of this type). > > I was amazed therefore when I saw that when this method returns True for > object=None, the *any bulk delete is possible*. This leads to a very > nonintuitive situation, where it is impossible to delete an object > directly, but it is possible to include it in a bulk to delete. Is it > the desired behaviour? Is it possible to check permissions for all > objects in bulk? If no, there should be a big fat warning about it in > the documentation. > > Greetings > Szymon > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1184f95b-8931-4d58-a108-fbe2d6b384f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
