#34301 closed Bug (fixed)
"show_save_as_new" in admin can add without this permission
Reported by: | Equipe de TI da Zara Falcão | Owned by: | Frédéric Mheir |
---|---|---|---|
Component: | contrib.admin | Version: | 4.1 |
Severity: | Normal | Keywords: | save_as |
Cc: | Carlton Gibson | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
At "django/contrib/admin/templatetags/admin_modify.py" file, line 102, I think you must put one more verification for this tag: "and has_add_permission", because "save_as_new" is a add modification.
I rewrite this for my project:
"show_save_as_new": not is_popup and has_add_permission # This line that I put!!! and has_change_permission and change and save_as,
Change History (16)
comment:1 by , 23 months ago
Cc: | added |
---|---|
Description: | modified (diff) |
Triage Stage: | Unreviewed → Accepted |
follow-up: 3 comment:2 by , 23 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 23 months ago
Replying to Neesham:
Yes, because "Save as New" is a save too (current object).
comment:4 by , 23 months ago
Owner: | changed from | to
---|
comment:6 by , 23 months ago
Owner: | changed from | to
---|
comment:9 by , 23 months ago
Needs tests: | unset |
---|
follow-up: 11 comment:10 by , 23 months ago
Needs tests: | set |
---|
follow-up: 12 comment:11 by , 23 months ago
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
follow-up: 13 comment:12 by , 23 months ago
Replying to Frédéric Mheir:
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
Yes, exactly.
comment:13 by , 23 months ago
Needs tests: | unset |
---|
Replying to Mariusz Felisiak:
Replying to Frédéric Mheir:
Replying to Mariusz Felisiak:
Hi Mariusz! Thanks a lot for your feedback. By making making a test that ensures "show_save_as_new" tag is False when "has_add_permission" is False (and other conditions True), would that be considered proper regression test? The logic is that only it would pass only with the patch.
Yes, exactly.
Thanks! Just pushed the changes to the PR.
comment:14 by , 23 months ago
Triage Stage: | Accepted → Ready for checkin |
---|
Thanks for the report. It was previously reported in #5650 and #3817, and #3817 was closed but only with a fix for "Save and add another" (see 825f0beda804e48e9197fcf3b0d909f9f548aa47).
Do we need to check both? Checking only
has_add_permission
should be enough.