Opened 5 years ago
Closed 5 years ago
#31256 closed Uncategorized (wontfix)
Inline widget permision is now based on it's foregin key.
| Reported by: | John Lyu | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 2.1 |
| Severity: | Normal | Keywords: | Inlines, permision |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Use an old example:
in models.py
class Ticket(models.Model):
........
class Action(models.Model):
ticket = models.ForeignKey(Ticket)
........
in admin.py:
class ActionInline(admin.TabularInline):
model = Action
extra=1
max_num=3
class TicketAdmin(admin.ModelAdmin):
.........
inlines = [
ActionInline,
]
In version 2.1.15:
If I set current user's permisson
edit_Actionbut noedit Ticket, I will not be able to edit actions inlines in "Change Ticket" page.
Based on https://docs.djangoproject.com/en/3.0/releases/2.1.15/, that bug fix is rude and confusing.
In fact, I can still change Action it self and indirectly "change" the page of it's parent Ticket. We should stop trigger save method in this condition instead of disable the feature.
Change History (4)
comment:1 by , 5 years ago
| Description: | modified (diff) |
|---|---|
| Version: | 3.0 → 2.2 |
comment:2 by , 5 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 5 years ago
| Description: | modified (diff) |
|---|---|
| Version: | 2.2 → 2.1 |
comment:4 by , 5 years ago
| Component: | Uncategorized → contrib.admin |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
I don't agree that this solution is rude. The rationale behind the Security Team decision is included in the release notes and there is not much to add.