#13539: The delete confirmation page does not check for object-level permissions
when building the related list
-------------------------------------+-------------------------------------
Reporter: delinhabit | Owner:
Type: Bug | Status: new
Component: contrib.admin | Version: 1.8
Severity: Normal | Resolution:
Keywords: delete object-level | Triage Stage: Accepted
permissions |
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by claudep):
One possible solution at "shorter" term would be to add a new default
backend (say ModelBackendNG) which always return True for object
permissions, and deprecate the previous ModelBackend. Then only after the
ModelBackend is removed at the end of the deprecation period, we could
then pass obj to has_perm in the admin.
--
Ticket URL: <https://code.djangoproject.com/ticket/13539#comment:17>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/068.d392cd4eb9de98a9a8184f118088b22b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
