#31747: Avoid potential admin model enumeration
-------------------------------+----------------------------------------
Reporter: Daniel Maxson | Owner: Jon Dufresne
Type: New feature | Status: assigned
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------+----------------------------------------
Changes (by Carlton Gibson):
* needs_better_patch: 0 => 1
Comment:
I'm going to mark as Patch needs improvement for the moment. There's
[https://github.com/django/django/pull/13134 some discussion on the PR] as
to the best way forwards ref a break of APPEND_SLASH behaviour for the
admin.
It looks like we can make it work for non-staff users well enough, but
there's an edge-case for staff-users with a missing permission. I would
propose to move forward with that solution as a win now.
We can then come back to the more difficult question of changing the
APPEND_SLASH behaviour for the admin, which probably needs more discussion
to get right.
--
Ticket URL: <https://code.djangoproject.com/ticket/31747#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.1373f54092ca2046cc06907f9a4b870e%40djangoproject.com.
