[Django] #25656: Recent Actions admin section contains link to edit form even when user does not have edit permission
Django
not have edit permission
-------------------------------+--------------------
Reporter: bak1an | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Steps to reproduce:
- Login to admin with user that has add-only permission to certain model
- Create an instance of this model
- See that there is new logline within "Recent Actions" which contains
link to edit form and results in 403 Forbidden.
This is something similar to what has been spotted by Tim Graham during
https://github.com/django/django/pull/5244 review so perhaps it will be
handy to fix it after PR 5244 is merged so one can extend
{{{test_no_forbidden_links_visible}}} test with checks for this ticket.
--
Ticket URL: <https://code.djangoproject.com/ticket/25656>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
not have edit permission
Reporter: bak1an | Owner: bak1an
Type: Bug | Status: assigned
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by bak1an):
* owner: nobody => bak1an
* needs_better_patch: => 0
* status: new => assigned
* needs_tests: => 0
* needs_docs: => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:1>
Django
not have edit permission
Reporter: bak1an | Owner: bak1an
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* stage: Unreviewed => Accepted
Comment:
A bit similar to #2856 in case discussion on that ticket helps.
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:2>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: (none)
Type: Bug | Status: new
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* owner: Anton Baklanov => (none)
* status: assigned => new
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:3>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by AP Jama):
* owner: (none) => AP Jama
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:4>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Component: contrib.admin | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by AP Jama):
* status: assigned => closed
* resolution: => fixed
Comment:
This is no longer a problem. I followed the replication steps, and with an
add-only permission, the user ONLY sees the
`+ Add` button on the list view, and `Save` and `Save and add another`
buttons in the create view.
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:5>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by AP Jama):
* status: closed => new
* resolution: fixed =>
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:6>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Sarah Boyce):
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:7>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:8>
Django
not have edit permission
Reporter: Anton Baklanov | Owner: AP Jama
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by Anil Rai):
Hiya, I wanted to check if anyone is working right now on this ticket. If
it available and no one is working on it then I would like to take this
one.
--
Ticket URL: <https://code.djangoproject.com/ticket/25656#comment:9>