Re: [Django] #8060: Admin Inlines do not respect user permissions
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: dgouldin
p.patruno@… | Status: new
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Design | Has patch: 0
decision needed | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by sjaensch):
* cc: sjaensch (added)
* ui_ux: => 0
* easy: => 0
Comment:
I'd like to fix this bug by introducing those permission checks at the
ModelAdmin level. Inlines where the user does not have create/edit
privileges would be removed. ubernostrum said that some design thought
would be needed. Here's my rationale for this implementation:
While admin.py states that models should be edited together with their
inlines, this does not override the permission settings. Permissions are
always more important than admin configuration. Inline editing is
something that's enabled when writing the software, permissions are set
during operation. So either the user cannot access the change view because
he does not have the necessary permissions for some inline model or we do
remove inline forms for the models where the user lacks sufficient
permissions. Obviously, the latter solution would be preferable if it can
be implemented reliably.
If there's consensus on this implementation, I'd like to go forward and
develop a patch. I already have working prototype code since we needed
this feature.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: dgouldin
p.patruno@… | Status: new
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by carljm):
* stage: Design decision needed => Accepted
Comment:
Preventing a user from accessing the change view for an object they do
have permissions on, or removing all inlines, just because they lack
permissions on one inline, is clearly wrong.
Removing an inline if the user doesn't have full permissions on the
inlined model is definitely preferable to that.
Ideally, inlines should respect all three individual permissions properly,
just like the rest of the admin does. If you have only add permission, you
should be able to add a new inline but not see existing ones (we don't
need to do readonly_fields - the precedent set by the rest of the admin is
that you only get to see existing records at all if you can change them).
If you have change but not add permission, you can change existing inlines
but not add new ones. And you only get the delete checkbox if you have
delete permission.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:13>
Django
-------------------------------------+-------------------------------------
p.patruno@… | Status: assigned
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
* status: new => assigned
* owner: dgouldin => sjaensch
Comment:
Great, thanks for the feedback! I'll work on a patch in the coming days.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:14>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
I just added a first version of the patch that does fix the bug (for the
cases I tested). I'd appreciate any kind of feedback.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:15>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Needs documentation: 0 | Needs tests: 1
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by carljm):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* needs_tests: 0 => 1
Comment:
Thanks for your work on this patch! Looked at it briefly, and the general
approach looks right.
I'm curious why you concluded that "we can't make sure the user can only
edit existing inlines or only add new ones but not edit existing." It
seems to me that formsets _ought_ to provide what we need to make edit-
only work, via the max-num setting; and that there might-should be a way
to make add-only work too (you don't see any of the existing ones but you
can add new ones), though it might require some modifications in the
formsets code.
I'm willing to consider falling back to the over-conservative approach in
the current patch if someone looks into it carefully and concludes that it
really is prohibitively complex to try to do it right - but I think we
should at least check out what that would entail.
The patch will also definitely need tests.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:16>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 1
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
Thanks! I'll take a further look at formsets, it wasn't immediately clear
to me how to implement that.
I absolutely agree on the need for tests. But django.contrib.admin does
not currently have any tests, does it? Should I start adding them under
django/contrib/admin/tests/? Or are they stored somewhere else?
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:17>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 1
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by carljm):
Replying to [comment:17 sjaensch]:
> Thanks! I'll take a further look at formsets, it wasn't immediately
clear to me how to implement that.
Cool, thanks. Feel free to ping in #django-dev in IRC (carljm) if you want
to consult on any of the finer points.
> I absolutely agree on the need for tests. But django.contrib.admin does
not currently have any tests, does it? Should I start adding them under
django/contrib/admin/tests/? Or are they stored somewhere else?
The admin, like some of the other contrib apps, actually has its tests
with the core Django test suite rather than in the contrib app. So you'll
find them in `tests/regressiontests/admin_*`
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:18>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by sjaensch):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
Comment:
Version 2 of the patch is ready. I moved the permission checking code to
the InlineModelAdmin class and added some tests. Fine-grained permission
checking for the change_view should now work too. Any comments welcome.
I'm not very fond of how I return an empty queryset by using
pk__isnull=True as filter. Anybody have a better solution for that? I
think the patch is more or less ready for review.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:19>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by carljm):
* needs_better_patch: 0 => 1
Comment:
This is looking good! Thanks for all your work on it. A few comments:
1. The tests should be broken up into many test methods, one for each case
you're testing (here, I think each block of three related assertContains
or assertNotContains constitutes a "case"). Generally it's ok to have a
few closely-related asserts in a single test method, but as few as
possible. This'll result in some duplication of setup code; that's ok. If
the duplication is really bad, you can factor out some of the setup code
into a helper method on the testcase (that's better than putting it in
setUp() as you still explicitly call the helper method in each test that
needs it, so there's less implicit dependency between tests). In tests
it's better to duplicate a bit of setup code here and there than it is to
have super-long test methods where everything is intertwined and its hard
to change the conditions for one test without affecting others later on,
and a single failure early on can obscure later failures. (Django does
have some super-long test methods in its suite, mostly as a result of
conversion from doctests, but that doesn't mean we want more!). I haven't
reviewed in depth yet whether the test coverage is adequate, that'll be
easier to do once separate tests are broken out.
2. You can get an empty version of any queryset with the `.none()` method,
rather than using `pk__isnull=True`.
3. The other bit I'm not sure is right is the special handling for m2m
auto-created through models. In the m2m case, each inlined instance
represents a relationship, or an instance of the through model, not an
instance of the related model. There are no permissions for an auto-
created through model, but I think the most sensible thing is to consider
any change, addition, or deletion of a through-model to be a *change* to
the related model. In other words, it doesn't make sense to prevent
deleting a through-model instance because the user doesn't have delete
permissions on the related model; no related-model-instance is being
deleted. So in the auto-created case I think all three has_X_permission
methods should return has_change_permission on the related model. Also,
this reasoning should be encapsulated in a comment.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:20>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
1. This is a very good point. I was not sure about how I should split them
up. Should I create multiple methods on TestInline or should I go and
create a separate TestCase class for it?
2. Thanks! I'll change it in the next version.
3. Good point! I Hadn't thought about that. I'll post a patch tomorrow
with the changed behavior. One point to consider though: We then cannot
restrict adding additional relationships (or disallow the editing of
existing relationships) for auto-created intermediate m2m models. I think
treating the through relationship as if it were the destination model
might be better semantics. The through model is hidden from the user (as
well as the programmer) anyway, that's why there are no permissions for
it. But that's just my personal opinion, I'll gladly defer to your
judgment. Or should we ask on django-developers what the others prefer?
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:21>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by carljm):
Replying to [comment:21 sjaensch]:
> 1. This is a very good point. I was not sure about how I should split
them up. Should I create multiple methods on TestInline or should I go and
create a separate TestCase class for it?
You could go either way; it'll be enough related test methods that I'd
probably make a new `TestCase`.
> 3. Good point! I Hadn't thought about that. I'll post a patch tomorrow
with the changed behavior. One point to consider though: We then cannot
restrict adding additional relationships (or disallow the editing of
existing relationships) for auto-created intermediate m2m models. I think
treating the through relationship as if it were the destination model
might be better semantics. The through model is hidden from the user (as
well as the programmer) anyway, that's why there are no permissions for
it. But that's just my personal opinion, I'll gladly defer to your
judgment. Or should we ask on django-developers what the others prefer?
I'm pretty sure treating the through model as if it were the destination
model is not the right semantic. Consider the M2M relationship between,
say, `FlatPage` and `Site` (if it used inlines, which it doesn't by
default). If someone is forbidden from deleting `Site` objects, there's no
reason that should imply they can't remove a given `FlatPage` from a
particular site. Removing a `FlatPage` relationship is, if anything, a
change to a `Site` - it certainly isn't equivalent to deleting a `Site`.
I know this means we wouldn't be able to have granular permissions on an
auto-created through model, but really that's just the consequence of
auto-created through models not having their own permissions. Tying it
directly to the permissions of the destination model doesn't help, it just
moves the problem (and IMO makes it more clearly incorrect): I'd have no
way to prevent someone from deleting Sites without also preventing them
from removing a `FlatPage` from a site.
If you still aren't convinced, you're welcome to raise it on django-
developers and see what other opinions you get!
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:22>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
Replying to [comment:22 carljm]:
> I'm pretty sure treating the through model as if it were the destination
model is not the right semantic. Consider the M2M relationship between,
say, `FlatPage` and `Site` (if it used inlines, which it doesn't by
default). If someone is forbidden from deleting `Site` objects, there's no
reason that should imply they can't remove a given `FlatPage` from a
particular site. Removing a `FlatPage` relationship is, if anything, a
change to a `Site` - it certainly isn't equivalent to deleting a `Site`.
Agreed. I'm not yet sure if removing a FlatPage-Site relationship is a
change to the FlatPage or to the Site. I guess this can be argued either
way, since the relationship is M2M - there is no direction like in the
ForeignKey case. It might also depend on the particular use case. I'll
post a patch later that checks the change permission of the related model,
let's see how it feels. :)
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:23>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by carljm):
Replying to [comment:23 sjaensch]:
> Agreed. I'm not yet sure if removing a FlatPage-Site relationship is a
change to the FlatPage or to the Site.
If the user is already on the edit page for the model on this side, they
obviously have change permissions for it. So we're really requiring them
to have change permission for both sides of the relationship in order to
muck with the inlines, which I think is correct. (If they're on the add
page for this side, they might not have change permission - but it's
reasonable that if you have add permission for a model you can create some
initial m2m relationships when you add an instance of that model).
> I'll post a patch later that checks the change permission of the related
model, let's see how it feels. :)
Sounds good, thanks!
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:24>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
I added a new patch with all the changes requested by carljm. diff_v2_v3
shows the difference between this patch and the last. All the inline
permission tests are split up now and are in their own TestCase class.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:25>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by anonymous):
I'm using GitHub to maintain the patch I've posted here:
https://github.com/sjaensch/django. I'm periodically rebasing my changes
against the tip of Django so the should apply cleanly to Django SVN.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:26>
Django
-------------------------------------+-------------------------------------
Reporter: | Owner: sjaensch
p.patruno@… | Status: assigned
Type: Bug | Component: contrib.admin
Milestone: | Severity: Normal
Version: SVN | Keywords: inlines User
Resolution: | authentication
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 1 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Comment (by sjaensch):
The last comment was by me, not sure why I was suddenly logged out. Maybe
because of the outage yesterday?
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:27>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: assigned
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution:
Keywords: inlines User | Triage Stage: Accepted
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by sjaensch):
* needs_better_patch: 1 => 0
Comment:
I changed the GitHub repository as requested in the IRC channel. There is
now a separate branch that contains all changes for this issue:
https://github.com/sjaensch/django/tree/admin_inline_perm. I'll
periodically rebase the branch.
I also added a release note as suggested by carljm. I'm not really happy
about the wording, maybe a native speaker could check it? I also feels
this should be documented in the admin documentation. I'll work on that
tomorrow.
If anybody can try out the patch, that would be great. Django's testsuite
does not produce any failures.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:28>
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: assigned
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution:
Keywords: inlines User | Triage Stage: Accepted
authentication | Needs documentation: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by sjaensch):
* needs_better_patch: 0 => 1
Comment:
I just added a bit of documentation. All of django's tests pass, by the
way.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:29>
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: assigned
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution:
Keywords: inlines User | Triage Stage: Accepted
authentication | Needs documentation: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by sjaensch):
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:30>
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution: fixed
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [16934]:
{{{
#!CommitTicketReference repository="" revision="16934"
Fixed #8060 - Added permissions-checking for admin inlines. Thanks
p.patruno for report and Stephan Jaensch for work on the patch.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:31>
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution: fixed
Keywords: inlines User | Triage Stage: Accepted
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by loewis):
In [16950]:
{{{
#!CommitTicketReference repository="" revision="16950"
Merged revisions
16743,16745,16747-16750,16752-16754,16756-16760,16770,16773-16800,16802-16804,16806,16808,16811,16813,16815,16817-16826,16829-16833,16835-16836,16838-16843,16845-16858,16860-16866,16868,16871-16877,16882-16890,16893-16947
via svnmerge from
https://code.djangoproject.com/svn/django/trunk
........
r16743 | gabrielhurley | 2011-09-09 23:36:58 +0200 (Fr, 09 Sep 2011) | 2
lines
Fixed #16791 -- Updated a broken URL in the README file. Thanks to
paulcwatts for the report and patch.
........
r16745 | Alex | 2011-09-09 23:45:58 +0200 (Fr, 09 Sep 2011) | 1 line
Switch to using explicit new-style division behavior, rather than
relying on teh classic behavior.
........
r16747 | SmileyChris | 2011-09-10 00:32:38 +0200 (Sa, 10 Sep 2011) | 1
line
Fix and test for cleaning a non-string value in a URLField
........
r16748 | gabrielhurley | 2011-09-10 00:33:28 +0200 (Sa, 10 Sep 2011) | 2
lines
Fixed #16786 -- Minor cleanups in the memcached section of the caching
topic guide. Thanks to jamesp for the report and patch.
........
r16749 | jbronn | 2011-09-10 00:34:23 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16408 -- Fixed conversion of dates, and other problems with the
SpatiaLite backend.
........
r16750 | jbronn | 2011-09-10 00:47:18 +0200 (Sa, 10 Sep 2011) | 1 line
Removed extra call to `syncdb` that slipped in with r16749.
........
r16752 | SmileyChris | 2011-09-10 00:57:12 +0200 (Sa, 10 Sep 2011) | 1
line
Fixes #16664 -- URLField's to_python method fails with ValueError on
some urls on python 2.7. Based on patch by zigzag.
........
r16753 | russellm | 2011-09-10 01:02:33 +0200 (Sa, 10 Sep 2011) | 1 line
Added two pointless query repeats to work around a known issue with
MySQL that was causing failures in our test suite.
........
r16754 | gabrielhurley | 2011-09-10 01:25:48 +0200 (Sa, 10 Sep 2011) | 2
lines
Fixed #16782 -- Corrected a broken cross-reference to the database
engine setting in the tutorial. Thanks to mjumbewu for the report and
patch.
........
r16756 | kmtracey | 2011-09-10 02:05:48 +0200 (Sa, 10 Sep 2011) | 2
lines
Fixed #15722: ensure formsets evaluate to True even if they have no
forms. Thanks mlavin.
........
r16757 | jbronn | 2011-09-10 02:29:34 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #13670 -- Comparisons with the spatial adapter won't blow up in
some corner cases. Thanks, milosu for the bug report and jpaulett for the
patch.
........
r16758 | russellm | 2011-09-10 02:46:38 +0200 (Sa, 10 Sep 2011) | 1 line
Added protection against spoofing of X_FORWARDED_HOST headers. A
security announcement will be made shortly.
........
r16759 | russellm | 2011-09-10 02:46:48 +0200 (Sa, 10 Sep 2011) | 1 line
Corrected an issue which could allow attackers to manipulate session
data using the cache. A security announcement will be made shortly.
........
r16760 | russellm | 2011-09-10 02:47:00 +0200 (Sa, 10 Sep 2011) | 1 line
Altered the behavior of URLField to avoid a potential DOS vector, and to
avoid potential leakage of local filesystem data. A security announcement
will be made shortly.
........
r16770 | Alex | 2011-09-10 03:53:56 +0200 (Sa, 10 Sep 2011) | 1 line
Make ``Formset.__getitem__`` O(1), rather than O(n). If you override
``__iter__`` you now need to also override ``__getitem__`` for consistant
behavior. Thanks to Carl and Russ for the review.
........
r16773 | Alex | 2011-09-10 04:42:05 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #11404. Added ``FormSet.has_changed``, for consistancy with
``Form.has_changed``. Thanks to michelts for the patch.
........
r16774 | Alex | 2011-09-10 04:52:37 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16793. Added more cross referencing to the load tag's
documentation. Thanks to bluejeansummer for the patch.
........
r16775 | jbronn | 2011-09-10 05:04:30 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16790 -- Modified the geographic admin to work after r16594.
Thanks, jdiego, for the bug report and patch.
........
r16776 | carljm | 2011-09-10 05:26:13 +0200 (Sa, 10 Sep 2011) | 1 line
Corrected documentation inconsistencies regarding deprecation of
URLField.verify_exists.
........
r16777 | carljm | 2011-09-10 05:33:54 +0200 (Sa, 10 Sep 2011) | 1 line
Added basic release notes for 1.2.6 and 1.3.1.
........
r16778 | Alex | 2011-09-10 19:09:23 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16162. Added timeout arg to `DummyCache.set_many`, for
compatiblity with other caches. Thanks to aaugustin for the patch.
........
r16779 | jbronn | 2011-09-10 19:19:05 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16537 -- Fixed multi-db issues with GeoDjango utilities. Thanks,
Shane Shifflett for the bug report and aaugustin for the initial patch.
........
r16780 | Alex | 2011-09-10 19:20:31 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16280. Document that both args and kwargs cannot be passed to
reverse at the same time.
........
r16781 | russellm | 2011-09-10 19:29:33 +0200 (Sa, 10 Sep 2011) | 1 line
Refs #16490 - Add a commit to ensure that a fresh read is provided; this
is only a problem for databases in REPEATABLE READ mode, which is MySQL
InnoDB's default. Thanks to Jim Dalton for the report and patch.
........
r16782 | Alex | 2011-09-10 19:38:58 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16808, removed some dead code from teh ORM. Thanks to aaugustin
for the patch.
........
r16783 | jbronn | 2011-09-10 20:04:27 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16553 -- Refactored the `GeoIP` module, moving it
`django.contrib.gis.geoip`; fixed memory leaks, and encoding issues.
........
r16784 | russellm | 2011-09-10 20:44:33 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16490 -- Skipped a test failure that only occurs under Python
2.6.1 (it's the old iteration-eats-exceptions problem).
........
r16785 | russellm | 2011-09-10 20:58:30 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16809 -- Forced MySQL to behave like a database. This avoids a
problem where queries that do IS NONE checks can return the wrong result
the first time they are executed if there is a recently inserted row.
Thanks to James Pyrich for the debug work and patch.
........
r16786 | Alex | 2011-09-10 21:45:16 +0200 (Sa, 10 Sep 2011) | 1 line
Make a comment more accurate.
........
r16787 | russellm | 2011-09-10 22:06:10 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16592 -- More test changes and documentation to account for
MySQL's casual relationship with sanity. Thanks to Jim Dalton for the
report and patch.
........
r16788 | Alex | 2011-09-10 23:00:25 +0200 (Sa, 10 Sep 2011) | 1 line
Remove this deprecated alias.
........
r16789 | Alex | 2011-09-10 23:00:32 +0200 (Sa, 10 Sep 2011) | 1 line
Removed the deprecated-since-1.2 "supports_object_permissions" and
"supports_anonymous_user" flags on authentication backends. If you have
an authenication backend it now *must* suport these.
........
r16790 | Alex | 2011-09-10 23:29:21 +0200 (Sa, 10 Sep 2011) | 1 line
Fixed #16810, corrected a bad docstring. Thanks to kenkam for the patch.
........
r16791 | Alex | 2011-09-10 23:44:57 +0200 (Sa, 10 Sep 2011) | 1 line
Ensure bulk_create returns what it is supposed to.
........
r16792 | Alex | 2011-09-10 23:46:59 +0200 (Sa, 10 Sep 2011) | 1 line
Ensure bulk_create returns the right value if the argument is an empty
list.
........
r16793 | Alex | 2011-09-11 00:02:13 +0200 (So, 11 Sep 2011) | 1 line
Fixed bulk_insertion on databases which don't yet support it. Thanks to
Justin Bronn for his Oracle wizardry.
........
r16794 | Alex | 2011-09-11 00:31:38 +0200 (So, 11 Sep 2011) | 1 line
Remove a bunch of deadcode/dead imports.
........
r16795 | Alex | 2011-09-11 00:46:44 +0200 (So, 11 Sep 2011) | 1 line
Kill some more dead code.
........
r16796 | jbronn | 2011-09-11 00:53:26 +0200 (So, 11 Sep 2011) | 1 line
Fixed #14648 -- Fixed annotated date querysets when `GeoManager` is
used. Thanks, codysoyland, for the bug report.
........
r16797 | jbronn | 2011-09-11 02:00:15 +0200 (So, 11 Sep 2011) | 1 line
Fixed #15305 -- Made `Count` aggregate and `.values()` play nice
together on `GeoQuerySets`. Thanks, vrehak for the bug report and milosu
for initial patch.
........
r16798 | jbronn | 2011-09-11 02:15:43 +0200 (So, 11 Sep 2011) | 1 line
Fixed #13429 -- Changed `WorldBorders` to just `WorldBorder` in
GeoDjango tutorial. Thanks, tubaman for the bug report.
........
r16799 | ramiro | 2011-09-11 02:52:03 +0200 (So, 11 Sep 2011) | 4 lines
Fixed #14138 -- Removed a superfluous import in the sqlite3 DB backend.
This could be of help with some issues people were seeing when deploying
Django with sqlite and Apache.
........
r16800 | jbronn | 2011-09-11 02:52:08 +0200 (So, 11 Sep 2011) | 1 line
Fixed #16231 -- Added support for GML and KML on the SpatiaLite backend.
Thanks, steko for the bug report and jpaulett for the patch.
........
r16802 | julien | 2011-09-11 03:12:11 +0200 (So, 11 Sep 2011) | 1 line
Fixed #16276 -- Noted in the deployment documentation index that the
Django Book 2nd ed. was written against Django 1.1. Thanks to bshaurette
and bluejeansummer for the patch.
........
r16803 | carljm | 2011-09-11 04:28:08 +0200 (So, 11 Sep 2011) | 1 line
Added basic release notes for 1.2.7.
........
r16804 | ubernostrum | 2011-09-11 06:01:41 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16079: Clarified (for real this time) how handler404 and
handler500 work, and that they only work in a root URLconf.
........
r16806 | ubernostrum | 2011-09-11 07:31:00 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16552: Noted that contrib.sessions is a requirement for the
admin.
........
r16808 | ubernostrum | 2011-09-11 07:37:55 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16293: Document a way to return dicts with column names from a DB
cursor.
........
r16811 | ubernostrum | 2011-09-11 07:44:21 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16109: Corrected an inconsistency in URLconf examples for
matching a numeric month.
........
r16813 | ubernostrum | 2011-09-11 07:47:48 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16094: Added clear example of how to refer to custom permissions.
........
r16815 | ubernostrum | 2011-09-11 07:57:38 +0200 (So, 11 Sep 2011) | 1
line
Fixed #16334: Make it quite clear that cache_page's 'cache' argument
refers to the name of a cache in the CACHES setting.
........
r16817 | julien | 2011-09-11 21:28:18 +0200 (So, 11 Sep 2011) | 1 line
Fixed #16742 -- Provided code examples in the models documentation for
accessing extra fields on many-to-many relationships. Many thanks to aj
for the suggestion and to Nick Lang for the patch.
........
r16818 | ramiro | 2011-09-12 00:36:16 +0200 (Mo, 12 Sep 2011) | 9 lines
Fixed #14675 -- Completed removal of `from django.conf.urls.default
import *` usage.
This applies to both our own [test] code and documentation examples.
Also:
* Moved the functions and handlers from `django.conf.urls.defaults` up
to
`django.conf.urls` deprecating the former module.
* Added documentation for `handler403`.
* Tweaked the URLs topic document a bit.
Thanks to pupeno and cdestigter for their great work contributing
patches.
........
r16819 | ramiro | 2011-09-12 01:02:53 +0200 (Mo, 12 Sep 2011) | 3 lines
Added an implementation of bulk insert via the ORM to the Oracle DB
backend.
Refs #7596, r16739 and http://troels.arvin.dk/db/rdbms/#insert-multiple
........
r16820 | julien | 2011-09-12 09:12:28 +0200 (Mo, 12 Sep 2011) | 1 line
Fixed #16291 -- Documented that TypedChoiceField does not coerce
empty_value. Thanks to vanschelven and taavi223.
........
r16821 | julien | 2011-09-12 09:15:47 +0200 (Mo, 12 Sep 2011) | 1 line
Fixed some improper quotes in the form fields reference doc.
........
r16822 | julien | 2011-09-13 05:10:07 +0200 (Di, 13 Sep 2011) | 1 line
Fixed #4198 -- Fixed a small styling issue in the admin calendar widget.
Thanks to Gary Wilson and fcurella.
........
r16823 | julien | 2011-09-13 10:22:53 +0200 (Di, 13 Sep 2011) | 1 line
Fixed #16815 -- Rectified the code example for hidden_fields and
visible_fields in the forms documentation. Thanks, joonas.
........
r16824 | jezdez | 2011-09-13 17:10:49 +0200 (Di, 13 Sep 2011) | 1 line
Fixed #16833 -- Removed undocumented `mixin` parameter from the
`Storage.open()` method as this was an undocumented and obscure feature.
Thanks to Marty and Russell for sanity-checking.
........
r16825 | jbronn | 2011-09-13 22:30:24 +0200 (Di, 13 Sep 2011) | 1 line
Updated versions and added `libproj-dev` to the GeoDjango installation
docs.
........
r16826 | jbronn | 2011-09-13 22:43:33 +0200 (Di, 13 Sep 2011) | 1 line
Fixed #16778 -- Improved escaping of geometries on PostgreSQL, allowing
GeoDjango to work on 9.1. Thanks, piro for ticket and patch.
........
r16829 | PaulM | 2011-09-15 01:27:35 +0200 (Do, 15 Sep 2011) | 2 lines
Fixed #16494 by normalizing HttpResponse behavior with non-string input.
HttpResponse now always converts content to string on output, regardless
of input type.
........
r16830 | PaulM | 2011-09-15 01:58:12 +0200 (Do, 15 Sep 2011) | 2 lines
Slight cleanup to r16829, thanks Alex Gaynor for the note.
........
r16831 | carljm | 2011-09-15 09:26:35 +0200 (Do, 15 Sep 2011) | 6 lines
Fixed #16848 - Adjusted SimpleTemplateResponse.__init__ to be less
brittle.
Could have reverted r16830 instead, but HttpResponse shouldn't have to
dance
around and do non-obvious things to keep TemplateResponse happy,
TemplateResponse should be robust against the possibility that
HttpResponse.__init__ might set self.content.
........
r16832 | Alex | 2011-09-16 01:55:30 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16854 -- corrected an AttributeError coming from the contenttypes
post-syncdb hook. Thanks to desh for the report.
........
r16833 | carljm | 2011-09-16 03:16:25 +0200 (Fr, 16 Sep 2011) | 9 lines
Fixed #16770 -- Eliminated TemplateSyntaxError wrapping of exceptions.
Thanks to Justin Myles-Holmes for report and draft patch.
Exceptions raised in templates were previously wrapped in
TemplateSyntaxError
(in TEMPLATE_DEBUG mode only) in order to provide template source
details on
the debug 500 page. The same debug information is now provided by
annotating
exceptions rather than wrapping them. This makes catching exceptions
raised
from templates more sane, as it's consistent in or out of DEBUG, and you
can
catch the specific exception(s) you care about rather than having to
also catch
TemplateSyntaxError and unwrap it.
........
r16835 | julien | 2011-09-16 08:30:05 +0200 (Fr, 16 Sep 2011) | 1 line
Reverted the change in r16683, which, while fixing an alignment issue in
IE7 with the admin's "Save and continue editing" and "Save and add
another" buttons, caused the swapping of those buttons' order. Thanks to
jocmeh for the report. Refs #16852.
........
r16836 | carljm | 2011-09-16 12:53:15 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16094 -- Added missing colon in custom permissions docs.
........
r16838 | carljm | 2011-09-16 13:12:35 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16812 -- Percent-encode URLs in verify_exists, to fix test
failures on Python 2.5 and 2.6.
........
r16839 | carljm | 2011-09-16 13:57:03 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16803 -- Use model verbose_name directly as ContentType unicode
representation so it can be translated. Thanks to bronger for the report
and Ivan Sagalaev for the patch.
........
r16840 | carljm | 2011-09-16 18:41:38 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16568 -- Added RequireDebugFalse filter to prevent sending 500
error emails when DEBUG is True in projects with no explicit LOGGING
setting. Thanks to Andreas Pelme for report and patch.
........
r16841 | carljm | 2011-09-16 19:07:19 +0200 (Fr, 16 Sep 2011) | 1 line
Added release note and updated TEMPLATE_DEBUG documentation for r16833.
Thanks jezdez for the reminder.
........
r16842 | carljm | 2011-09-16 20:06:42 +0200 (Fr, 16 Sep 2011) | 9 lines
Fixed #16863 -- Corrected ReST markup to avoid errors building docs.
Although directives such as "note" and "warning" will accept content
immediately following the directive, this is technically where arguments
to the
directive should go (see http://sphinx.pocoo.org/rest.html#directives).
Putting
the content there means that any lines beginning with an inline text
role
(e.g. ":setting:`DEBUG`") will be mis-interpreted as an option block for
the
directive. To avoid this error, there should always be a blank line
between the
directive start and the directive content.
........
r16843 | jbronn | 2011-09-16 23:19:30 +0200 (Fr, 16 Sep 2011) | 1 line
Fixed #16864 -- WKT regex now allows negative SRIDs. Thanks, Marcel
Dancak for bug report and initial patch.
........
r16845 | jbronn | 2011-09-17 21:54:52 +0200 (Sa, 17 Sep 2011) | 1 line
Fixed #15277 -- Cleaned up `ogrinspect` command, added tests and
extended support beyond file-based OGR data sources. Thanks, willinoed
for bug report and jpaulett for initial patch.
........
r16846 | jbronn | 2011-09-17 22:06:00 +0200 (Sa, 17 Sep 2011) | 1 line
Updated the geographic admin to use OpenLayers 2.11.
........
r16847 | jbronn | 2011-09-18 01:01:46 +0200 (So, 18 Sep 2011) | 1 line
OpenLayers has had built-in OSM support since 2.10, no need for extra
JS.
........
r16848 | SmileyChris | 2011-09-18 06:09:44 +0200 (So, 18 Sep 2011) | 1
line
Fixes #8103 -- Select widget should only allow for one selected option
........
r16849 | julien | 2011-09-18 09:24:16 +0200 (So, 18 Sep 2011) | 1 line
Fixed #13211 -- Added the `Group` API reference and a `Permission` API
example to the `contrib.auth` documentation. Thanks to b14ck for the
report and to jpaulett and CrazyGir for the patch.
........
r16850 | julien | 2011-09-18 09:50:50 +0200 (So, 18 Sep 2011) | 1 line
Rectified the settings reference documentation to indicate that
`USE_L10N` (and not `USE_I18N`) controls the activation of locale-dictated
formats.
........
r16851 | julien | 2011-09-18 10:33:39 +0200 (So, 18 Sep 2011) | 1 line
Fixed #16676 -- Corrected the behavior of the 'add' template filter to
return an empty string instead of the given value unchanged in the case of
an invalid use. Thanks to dtrebbien for the report and to Aymeric Augustin
for the patch.
........
r16852 | PaulM | 2011-09-18 23:33:14 +0200 (So, 18 Sep 2011) | 2 lines
Removed an unused function definition.
........
r16853 | jbronn | 2011-09-19 00:28:17 +0200 (Mo, 19 Sep 2011) | 1 line
Updated geoadmin tests to reflect that OSM js is no longer required as
of r16847.
........
r16854 | julien | 2011-09-19 09:25:59 +0200 (Mo, 19 Sep 2011) | 1 line
Fixed #16659 -- Made the admin's date drilldown links in the changelist
have a variable width to play nicer with languages with long month names.
........
r16855 | julien | 2011-09-19 09:33:32 +0200 (Mo, 19 Sep 2011) | 1 line
Fixed #16876 -- Fixed a cross reference in the settings reference doc.
Thanks to Gumnos for the report.
........
r16856 | ramiro | 2011-09-20 20:16:49 +0200 (Di, 20 Sep 2011) | 11 lines
Improved test isolation of the admin tests and assigned custom admin
sites to
prevent test order dependant failures.
This involves introducing usage of `TestCase.urls` and implementing
proper
admin.py modules for some of the test apps.
Thanks Florian Apolloner for finding the issue and contributing the
patch.
Refs #15294 (it solves these problems so the fix for that ticket we are
going
to commit doesn't introduce obscure and hard to reproduce test failures
when
running the Django test suite.)
........
r16857 | ramiro | 2011-09-20 20:30:06 +0200 (Di, 20 Sep 2011) | 8 lines
Converted internal link generation in the admin and admin document
generator to use named URLs.
Thanks to Florian Apolloner for both the initial patch and his final
push to get
this fixed, to Dario Ocles for his great work on the admin templates and
switching the admin_doc application to also use named URLs, to Mikko
Hellsing
for his comments and to Jannis and Julien for their review and design
guidance.
Fixes #15294.
........
r16858 | DrMeers | 2011-09-21 03:33:14 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed #16886 -- Memcached socket file documentation. Thanks ddbeck for
the report and patch.
........
r16860 | carljm | 2011-09-21 16:00:58 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed #16838 -- Corrected broken add-another inline JS in admin with
related_name="+". Thanks jamesp for report and patch.
........
r16861 | carljm | 2011-09-21 16:20:18 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed #16866 -- Clearer error message if empty list is passed to
select_template. Thanks Silver_Ghost for report and patch.
........
r16862 | jezdez | 2011-09-21 17:58:21 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed the relative static file resolution of the
CachedStaticFilesStorage backend and the post processing of deeply nested
static files.
........
r16863 | jezdez | 2011-09-21 17:58:32 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed #16703 -- Raise an exception if the storage location of the
DefaultStorageFinder is empty.
........
r16864 | julien | 2011-09-21 19:25:13 +0200 (Mi, 21 Sep 2011) | 1 line
Fixed #16897 -- Fixed some docstrings and help texts for the
`makemessages` management command. Thanks, Simon Meers.
........
r16865 | Alex | 2011-09-21 23:19:18 +0200 (Mi, 21 Sep 2011) | 1 line
Switch a few examples in the docs to use newstyle classes.
........
r16866 | DrMeers | 2011-09-22 00:43:41 +0200 (Do, 22 Sep 2011) | 1 line
Fixed #16904 -- Additional clarification regarding contrib.messages
iteration. Thanks murphyke for the report and patch.
........
r16868 | carljm | 2011-09-22 00:46:48 +0200 (Do, 22 Sep 2011) | 1 line
Fixed #16353 -- don't try to create Site objects on all databases. Refs
#15573, #15346. Thanks Aymeric Augustin for the report and the patch.
........
r16871 | PaulM | 2011-09-22 06:10:02 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #16907 -- Deprecate databrowse.
........
r16872 | PaulM | 2011-09-22 06:16:21 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #16837 -- Improved error message for admin login.
........
r16873 | PaulM | 2011-09-22 06:30:20 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #16026 -- loaddata now identifies which object triggered an error.
........
r16874 | PaulM | 2011-09-22 06:36:15 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #15633 -- Improved docs for post_syncdb signal.
........
r16875 | PaulM | 2011-09-22 06:52:43 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed 11674 -- Clarified docs on excluded fields of ModelForms.
........
r16876 | PaulM | 2011-09-22 07:10:52 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #7198 -- Improved error message when missing models.py. Thanks
Silver_Ghost and for the patch.
........
r16877 | PaulM | 2011-09-22 07:21:51 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #6011 -- Improved help text for flush command. Thanks Julien for
the patch.
........
r16882 | PaulM | 2011-09-22 07:56:47 +0200 (Do, 22 Sep 2011) | 2 lines
Refs r16873 and #16026 -- Missed adding the fixture.
........
r16883 | PaulM | 2011-09-22 08:37:50 +0200 (Do, 22 Sep 2011) | 2 lines
Fixed #16565 -- Fixed a databrowse error on null foreign key, even
though databrowse is deprecated. Thanks aaugustin for the patch.
........
r16884 | jezdez | 2011-09-22 17:04:27 +0200 (Do, 22 Sep 2011) | 1 line
Fixed #16909 -- Pass language to get_format_modules when calling it from
get_format to make sure the correct module is returned.
........
r16885 | jezdez | 2011-09-22 17:04:34 +0200 (Do, 22 Sep 2011) | 1 line
Added versionadded directive for the `bulk_create` Queryset method
introduced in r16739.
........
r16886 | Alex | 2011-09-22 18:32:30 +0200 (Do, 22 Sep 2011) | 1 line
Slight english readability fix for the signals docs.
........
r16887 | ramiro | 2011-09-22 19:04:05 +0200 (Do, 22 Sep 2011) | 1 line
Fixed #16912 -- Fixed breadcrumb styling in a couple of admin pages,
broken since r16857. Thanks Florian Apolloner for the report.
........
r16888 | gabrielhurley | 2011-09-22 23:09:00 +0200 (Do, 22 Sep 2011) | 2
lines
Fixed #7198 (again) -- Corrects a problem with string interpolation from
r16876 and adds tests for the new error message.
........
r16889 | lukeplant | 2011-09-22 23:52:00 +0200 (Do, 22 Sep 2011) | 1
line
Fixed ReST errors that stopped some staticfiles docs being rendered
........
r16890 | PaulM | 2011-09-23 00:44:00 +0200 (Fr, 23 Sep 2011) | 2 lines
Fixed #16907 (again) -- Added deprecation of databrowse to the
deprecation docs.
........
r16893 | PaulM | 2011-09-23 01:03:53 +0200 (Fr, 23 Sep 2011) | 2 lines
Fixed #16910 -- Misleading regex in urlpatterns inclusion docs.
........
r16894 | PaulM | 2011-09-23 01:30:05 +0200 (Fr, 23 Sep 2011) | 2 lines
Fixed a typo in test docstring.
........
r16895 | carljm | 2011-09-23 06:22:30 +0200 (Fr, 23 Sep 2011) | 1 line
Fixed #16917 -- Don't try to use the model name for a ContentType's
unicode representation if the model no longer exists. Thanks Ivan Sagalaev
for report and patch.
........
r16896 | jacob | 2011-09-23 18:33:52 +0200 (Fr, 23 Sep 2011) | 1 line
Test commit - please ignore.
........
r16897 | jezdez | 2011-09-23 18:45:40 +0200 (Fr, 23 Sep 2011) | 1 line
Fixed #16878 -- Improved intword filter to support numbers up to
decillion and googol. Thanks to crodjer for the initial patch.
........
r16898 | ramiro | 2011-09-24 01:57:06 +0200 (Sa, 24 Sep 2011) | 5 lines
Removed unused code from admindocs app now that it supports reversing
URLs.
As a consequence the undocumented `ADMIN_SITE_ROOT_URL` setting isn't
used anymore.
Refs r8718 and r16857.
........
r16899 | julien | 2011-09-24 08:17:53 +0200 (Sa, 24 Sep 2011) | 1 line
Simplified the admin changelist multi-sort interface specifically by
removing the popup window, adding explicit tooltip help texts, improving
the hover visual states and allowing all operations (i.e. removing a
column from sorting and toggling the sorting with and without changing the
sorting priority) to be actionable with just one click. Many thanks to
Idan Gazit for the feedback and direction. Refs #16212.
........
r16900 | jezdez | 2011-09-24 15:32:57 +0200 (Sa, 24 Sep 2011) | 1 line
Fixed a regression introduced in r16897. Thanks to Julien for the eagle
eyes and Florian Apolloner for the review.
........
r16901 | ramiro | 2011-09-24 21:48:27 +0200 (Sa, 24 Sep 2011) | 4 lines
Fixed #16789 -- Added names to URLs in convenience contrib.auth urls.py.
Thanks wim AT go2people DOT nl for the report, cmheisel for the patch
and
fcurella for reviewing it.
........
r16902 | julien | 2011-09-25 07:21:29 +0200 (So, 25 Sep 2011) | 1 line
Fixed #16927 -- Corrected the `{% ifchanged %}` template tag's
documentation. Thanks to sebastian for the report and patch.
........
r16903 | ramiro | 2011-09-25 19:08:31 +0200 (So, 25 Sep 2011) | 3 lines
Fixed #16924 -- Corrected `date` template filter handling of negative
(West of UTC) timezone offsets.
The 'O' format specifier output was incorrect. Thanks mrgriscom and
Aymeric Augustin.
........
r16904 | ramiro | 2011-09-26 03:37:57 +0200 (Mo, 26 Sep 2011) | 3 lines
Fixed #16597 -- Added Sphinx cross-reference metadata to the form wizard
docs. Thanks FunkyBob for the report and jkistler for the patch.
Also, additional fixes in that document and in the WizardView
docstrings.
........
r16905 | Alex | 2011-09-26 12:11:18 +0200 (Mo, 26 Sep 2011) | 1 line
Fixed #16925 -- Make sure a signal is disconnected if the test fails.
Thanks to aaugustin for the patch.
........
r16906 | ramiro | 2011-09-26 13:24:38 +0200 (Mo, 26 Sep 2011) | 1 line
Tweaked the formwizard docs a bit more.
........
r16907 | lukeplant | 2011-09-26 19:20:20 +0200 (Mo, 26 Sep 2011) | 1
line
Removed unused parameter 'join_table' in various bits of RelatedManager
code
........
r16908 | julien | 2011-09-27 14:15:15 +0200 (Di, 27 Sep 2011) | 1 line
Fixed #13956 -- Enabled `*args` and `**kwargs` support for `simple_tag`,
`inclusion_tag` and `assignment_tag`. Many thanks to Stephen Burrows for
the report and initial patch, to Gregor Müllegger for the initial tests,
to SamBull for the suggestions, and to Jannis Leidel for the review and
PEP8 cleanup.
........
r16909 | julien | 2011-09-27 15:56:10 +0200 (Di, 27 Sep 2011) | 1 line
Brushed up the custom template tag 'howto' guide by moving the
assignment_tag doc to a more appropriate place (i.e. under the "Setting a
variable in the context" section), adding cross references, fixing a few
minor inaccuracies and doing a little PEP8 cleanup.
........
r16910 | PaulM | 2011-09-28 04:26:12 +0200 (Mi, 28 Sep 2011) | 2 lines
Fixed incorrect pluralized argument in Files docs
........
r16911 | julien | 2011-09-28 16:00:43 +0200 (Mi, 28 Sep 2011) | 1 line
Fixed #16949 -- Fixed a small typo in the GIS tutorial and also made
some minor PEP8 fixes and added some code-block directives while I was at
it. Thanks to jgomo3 for the report.
........
r16912 | lukeplant | 2011-09-29 17:30:19 +0200 (Do, 29 Sep 2011) | 1
line
Small cleanups of 'related manager' code for consistency
........
r16913 | lukeplant | 2011-09-29 17:30:29 +0200 (Do, 29 Sep 2011) | 7
lines
Cleanups to related manager code, especially in use of closures.
The related manager classes are defined within functions, and the
methods
had inconsistent and confusing usage of closures vs. parameters on self
to
retrieve needed information. Everything is stored on self now.
Also some methods were not using super() where they should have been.
........
r16914 | lukeplant | 2011-09-29 17:30:37 +0200 (Do, 29 Sep 2011) | 3
lines
Made GenericRelatedObjectManager consistent with other related managers
w.r.t. use of core_filters attribute.
Previously it had an unused keyword argument.
........
r16915 | jezdez | 2011-09-30 12:28:39 +0200 (Fr, 30 Sep 2011) | 1 line
Fixed doc references to `django.db.models.query.QuerySet` and converted
some tabs that were introduced in r16699 to spaces.
........
r16916 | lukeplant | 2011-09-30 12:41:25 +0200 (Fr, 30 Sep 2011) | 4
lines
Fixed #14270 - related manager classes should be cached
Thanks to Alex Gaynor for the report and initial patch, and mrmachine
for
more work on it.
........
r16917 | lukeplant | 2011-09-30 13:46:23 +0200 (Fr, 30 Sep 2011) | 8
lines
Fixed #16935 - misleading message if AttributeError escapes during
SimpleTemplateResponse.render
Thanks to isagalaev for the report.
As discussed on django-devs, this reverts some of the changes in [16568]
i.e. the addition of `SimpleTemplateResponse.__getattr__`, because this
makes it much harder to debug the common case of an AttributeError
somewhere
during the rendering of a SimpleTemplateResponse.
........
r16918 | ramiro | 2011-09-30 22:53:39 +0200 (Fr, 30 Sep 2011) | 6 lines
Fixed #8160 -- Made sure `modelformset_factory` takes in account
`fields' and `exclude` ModelForm options.
Thanks Andrew McMurry for the report and Claude Paroz for creating these
tests.
(Actually, this had been fixed in r10619 but the tests added then
exercise the
code in the context of ModelAdmin. This commit adds more generic tests.)
........
r16919 | ikelly | 2011-09-30 23:40:56 +0200 (Fr, 30 Sep 2011) | 1 line
Fixed #16645: fixed a broken test to work in Oracle.
........
r16920 | lukeplant | 2011-10-01 17:43:01 +0200 (Sa, 01 Okt 2011) | 1
line
Attempted to sort new features in 1.4 release notes into related topics
........
r16921 | ramiro | 2011-10-02 04:53:58 +0200 (So, 02 Okt 2011) | 5 lines
Fixed #10841 -- Switched response served when DEBUG=True and
request.is_ajax() returns True (indicating request has been generated by a
JS library) to a plain text version for easier debugging.
Contents of this response are similar to its HTML counterpart modulo
frame variables values in the Python traceback section.
Thanks to Riz for the report, to SmileyChris for the patch and to Julien
for reviewing.
........
r16922 | julien | 2011-10-03 10:06:01 +0200 (Mo, 03 Okt 2011) | 1 line
Added some sphinx cross-reference links to the built-in template tags
and filters in multiple areas of the documentation. Also fixed a few minor
inconsistencies and did a little PEP8 cleanup while I was at it.
........
r16923 | aaugustin | 2011-10-04 07:57:51 +0200 (Di, 04 Okt 2011) | 3
lines
Added self to committers.
........
r16924 | aaugustin | 2011-10-04 22:11:41 +0200 (Di, 04 Okt 2011) | 2
lines
Fixed #16971 - Made the parsing of javascript files by 'makemessages'
much faster. Thanks Antti Haapala for the implementation and Ned
Batchelder for the patch.
........
r16925 | Alex | 2011-10-05 01:54:12 +0200 (Mi, 05 Okt 2011) | 1 line
Fixed #16985 -- corrected a few grammar errors in the docs.
........
r16926 | PaulM | 2011-10-05 07:21:47 +0200 (Mi, 05 Okt 2011) | 2 lines
Fixed #16987 -- Improved error message for session tests. Thanks jMyles
and DiskSpace for the patch.
........
r16927 | lukeplant | 2011-10-05 11:54:01 +0200 (Mi, 05 Okt 2011) | 1
line
Very small docstring correction.
........
r16928 | julien | 2011-10-05 14:50:44 +0200 (Mi, 05 Okt 2011) | 1 line
Fixed #16990 -- Fixed a couple of small docstring typos in the
`django/test/testcases.py` module and did some minor cleanup while I was
in the area.
........
r16929 | lukeplant | 2011-10-06 00:56:09 +0200 (Do, 06 Okt 2011) | 5
lines
Fixed #16902 - select_related() results in a poor perfomance
Thanks to ivan_virabyan for the great patch!
(For the record, some very small tweaks were made by me).
........
r16930 | lukeplant | 2011-10-06 01:14:52 +0200 (Do, 06 Okt 2011) | 4
lines
Fixed #16937 - added `QuerySet.prefetch_related` to prefetch many
related objects.
Many thanks to akaariai for lots of review and feedback, bug finding,
additional unit tests and performance testing.
........
r16931 | lukeplant | 2011-10-06 13:08:11 +0200 (Do, 06 Okt 2011) | 4
lines
Removed ForeignRelatedObjectsDescriptor.RelatedManager.delete_manager,
which has been unused since [14507]
And cleaned up the result, allowing more consistency with the other
related
descriptors.
........
r16932 | carljm | 2011-10-06 19:31:18 +0200 (Do, 06 Okt 2011) | 1 line
Fixed #16988 - Clean up the deprecation timeline for language
consistency. Thanks ptone.
........
r16933 | aaugustin | 2011-10-06 22:39:15 +0200 (Do, 06 Okt 2011) | 3
lines
Fixed #16705 - Made the test client adhere to the WSGI spec -- in
particular, removed the assumption that environ['QUERY_STRING'] exists.
........
r16934 | carljm | 2011-10-07 02:41:25 +0200 (Fr, 07 Okt 2011) | 1 line
Fixed #8060 - Added permissions-checking for admin inlines. Thanks
p.patruno for report and Stephan Jaensch for work on the patch.
........
r16935 | aaugustin | 2011-10-07 10:35:20 +0200 (Fr, 07 Okt 2011) | 3
lines
Fixed #17012 - Removed references to the 'hasNoProfanities' validator.
Refs #8794.
........
r16936 | aaugustin | 2011-10-07 17:33:55 +0200 (Fr, 07 Okt 2011) | 2
lines
Fixed typo in r16935. Refs #17012.
........
r16937 | carljm | 2011-10-07 17:45:52 +0200 (Fr, 07 Okt 2011) | 1 line
Fixed #14678 -- Added validation to catch flatpages with the same URL on
the same site. Thanks seler for the report, and joni, graham_king, and
j4nu5 for work on the patch.
........
r16938 | carljm | 2011-10-07 17:48:30 +0200 (Fr, 07 Okt 2011) | 1 line
Corrected backwards middleware-ordering note in flatpage documentation.
........
r16939 | lukeplant | 2011-10-07 18:05:53 +0200 (Fr, 07 Okt 2011) | 3
lines
Fixed #17003 - prefetch_related should support foreign keys/one-to-one
Support for `GenericForeignKey` is also included.
........
r16940 | lukeplant | 2011-10-07 18:06:02 +0200 (Fr, 07 Okt 2011) | 7
lines
Fixed #17014 - added protection against infinite recursion.
Thanks to akaariai for the report and tests.
No tests have been added, since unittests for termination are basically
impossible, and the failure condition will take down the developer's
machine
in this case. It has been tested against the cases in #17014.
........
r16941 | aaugustin | 2011-10-07 18:52:58 +0200 (Fr, 07 Okt 2011) | 2
lines
Moved myself in the primary authors section.
........
r16942 | carljm | 2011-10-08 10:16:17 +0200 (Sa, 08 Okt 2011) | 1 line
Fixed #17011 - Made override_settings modify a decorated class in-place
rather than creating a dynamic subclass, so as to avoid infinite recursion
when used with super(). Thanks jsdalton for the report and patch.
........
r16943 | julien | 2011-10-08 13:36:05 +0200 (Sa, 08 Okt 2011) | 1 line
Made the tests introduced in r16942 use old-style class decoration to
run with Python < 2.6.
........
r16944 | lukeplant | 2011-10-08 15:50:29 +0200 (Sa, 08 Okt 2011) | 4
lines
More efficient IN clauses for prefetch_related queries by use of sets to
eliminate duplicates
This simply reduces the size of the IN clause in the SQL, which can be
significant in some cases.
........
r16945 | lukeplant | 2011-10-08 20:07:30 +0200 (Sa, 08 Okt 2011) | 1
line
Fixed some ReST errors in docs.
........
r16946 | carljm | 2011-10-08 21:23:37 +0200 (Sa, 08 Okt 2011) | 1 line
Fixed #16873 - Added dummy database backend in default settings, so that
just importing django.db doesn't trigger ImproperlyConfigured if there is
no DATABASES setting.
........
r16947 | julien | 2011-10-09 13:37:48 +0200 (So, 09 Okt 2011) | 1 line
Fixed #17019 -- Fixed a minor margin issue in multi-field admin form
rows for right-to-left languages. Thanks to rem for the report and patch.
........
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:32>
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Severity: Normal | Resolution:
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* status: closed => reopened
* resolution: fixed =>
Comment:
I think it is not fixed - django 1.3 and tabular inline.
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Component: contrib.admin | Version: SVN
Severity: Normal | Resolution: fixed
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* status: reopened => closed
* resolution: => fixed
Comment:
It's fixed in 1.4.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:33>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Severity: Normal | Resolution: fixed
Keywords: zdnezmmgmluc | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by wxpmtnbqrdvl):
* keywords: inlines User authentication => zdnezmmgmluc
Comment:
wonderful site thanks lqoikhpmiu <a
href="http://www.ktfasmycdopi.com">click here</a> :-D vsymgekjjvto, :-(
vylhwwcpkj [url="http://www.ktfasmycdopi.net"]or here[/url] :V fvfmmfrz,
:3 uepvrbaxrg http://ktfasmycdopi.info B| jmchdykelybxfei, 8-| rhejwvvgbb
[url=http://ktfasmycdopi.ru]tinvguvyod[/url] 8-| fvfmmfrz, >:O nzvhvicvxy
[link=http://ktfasmycdopi.se]rmegmbvwxn[/link] :|] fvfmmfrz, =)
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:34>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => mhijcgfwmjba
Comment:
loving the web site covyvbvjwf <a href="http://www.aysljhtwmmxt.com">click
here</a> B| sxwqhiiytgbbwdy, :3 zqauytrwrp
[url="http://www.aysljhtwmmxt.net"]or here[/url] 3:) oizccju, :|]
culdbuisyf http://aysljhtwmmxt.info :) uhxyekjddpab, =) slpubvizpv
[url=http://aysljhtwmmxt.ru]odnnekhmit[/url] :-X oizccju, >:-O clvifbrcmg
[link=http://aysljhtwmmxt.se]dbljyrbitd[/link] :D sxwqhiiytgbbwdy, :|]
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => zqzftmnlqkpn
Comment:
did you buy this theme? lhwhcllucp <a
href="http://www.hiuneppkyame.com">click here</a> 8-| gpzhzmboidzg, :-/
krygolafqn [url="http://www.hiuneppkyame.net"]or here[/url] :-D
snadapvenriirho, :-( iyshdsyayn http://hiuneppkyame.info :'( thediura, :[
jcblcrlpvr [url=http://hiuneppkyame.ru]jnaazrqwkh[/url] >:o gpzhzmboidzg,
O:-) vkptsbsltk [link=http://hiuneppkyame.se]gvcxapypet[/link] =) bnsrj,
:-/
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => npypqyvllntd
Comment:
this is really a fantastic theme dermgwuudd <a
href="http://www.crebevvbpviw.com">click here</a> >:-O llqnypaw, B|
goyfdrrzbn [url="http://www.crebevvbpviw.net"]or here[/url] :|]
juvpcagmcxmu, 8| beurlgftwj http://crebevvbpviw.info :-0 bltgzyufkqjousb,
>:-O mhzgrwnldx [url=http://crebevvbpviw.ru]ggzwktnzwy[/url] O:-)
juvpcagmcxmu, :-* lgptxcfccf
[link=http://crebevvbpviw.se]ejqgihhqmu[/link] B| issye, :'(
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => arxcwjlyytcj
Comment:
is this a themeforest theme? xavheqfumn <a
href="http://www.cjewmgqnfcfb.com">click here</a> 3:-) lvzzmfaplwwumqz, 8|
mxpgteqvnf [url="http://www.cjewmgqnfcfb.net"]or here[/url] :-/ kensn, :'(
ikukxsratg http://cjewmgqnfcfb.info 3:) kensn, :V zqzgfvzwyt
[url=http://cjewmgqnfcfb.ru]jtaeevdtiu[/url] :-/ bdfzuaqjyxuw, :-*
ahktbsweuy [link=http://cjewmgqnfcfb.se]olnnwxgypr[/link] :D
lvzzmfaplwwumqz, :[
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => tstbiafqbbon
Comment:
woah, magnificent site thanks kgpkfwpfpq <a
href="http://www.qjnemwekjdbw.com">click here</a> =) jtshcqlb, B-|
hcisbfvkxp [url="http://www.qjnemwekjdbw.net"]or here[/url] :3
pyypomcxcjau, :/ ikftxgmdmz http://qjnemwekjdbw.info >:O ckrqe, :/
qavvrzmcax [url=http://qjnemwekjdbw.ru]vrcmvnanrp[/url] :-0 jtshcqlb, :3
zzeiouvrbh [link=http://qjnemwekjdbw.se]qrivqyjkns[/link] B|
xncjccsyqxtskse, :-X
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => drrwcozqknnm
Comment:
is this a themeforest theme? xkyyucddhd <a
href="http://www.mcyhxkhhzwfv.com">click here</a> :( rnllcinv, :[
ufexxgrpxb [url="http://www.mcyhxkhhzwfv.net"]or here[/url] B-| qylck, :3
sdyxwapiom http://mcyhxkhhzwfv.info :D ypkjgay, 8-| vmfqsxrayw
[url=http://mcyhxkhhzwfv.ru]lydbblztwc[/url] :( efayythpdkxpilu, :-X
ozfstxjruo [link=http://mcyhxkhhzwfv.se]xsekclhzdj[/link] ;) rnllcinv, :D
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => mvwuubvcqujo
Comment:
woah, awesome site thanks sqkbjliqkl <a
href="http://www.sseqfwhmcgpm.com">click here</a> ;) qjfub, ;) onbwklfqlv
[url="http://www.sseqfwhmcgpm.net"]or here[/url] :-D qjfub, >:-O
kugbxdaiqe http://sseqfwhmcgpm.info :/ jlmouax, :3 moakxbaswx
[url=http://sseqfwhmcgpm.ru]xlihqtyzyj[/url] :D cqwcpmhx, :-D bnckdrawpi
[link=http://sseqfwhmcgpm.se]dzjtovkixy[/link] >:-O jlmouax, :-X
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => gdjbpwwordot
Comment:
thanks for a great post vantzlyrvb <a
href="http://www.whlwshckmivd.com">click here</a> >:O wdtwaoj, :-X
jaspphundx [url="http://www.whlwshckmivd.net"]or here[/url] :-0 afhqrhlv,
:-0 lmzwiwpirg http://whlwshckmivd.info :-/ afhqrhlv, B| btgcmbhacx
[url=http://whlwshckmivd.ru]gmotdnurve[/url] >:-O xminz, :-D zvqmlnymmk
[link=http://whlwshckmivd.se]rapuqnuzjr[/link] :V wdtwaoj, =(
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => lkwocrzmewpk
Comment:
did you buy this theme? bulsimjrcb <a
href="http://www.cduhsxtqqqaq.com">click here</a> :V wzoqdft, :-(
ovsawatdju [url="http://www.cduhsxtqqqaq.net"]or here[/url] :D
ifcoxxlnxcbz, O:-) fnrxdatokj http://cduhsxtqqqaq.info :'( fksvc, >:O
lafcppoebi [url=http://cduhsxtqqqaq.ru]oraaxnpzcq[/url] =( fksvc, ;)
znpggskshi [link=http://cduhsxtqqqaq.se]ibknuyjocf[/link] B-| wzoqdft, :-0
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
authentication | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* keywords: lkwocrzmewpk => inlines User authentication
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:35>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => zzeusxiaxkxc
Comment:
woah, amazing site thanks bwbzoonfko <a
href="http://www.dktbquqytqat.com">click here</a> :[ nszjs, :-( zdccwcmaer
[url="http://www.dktbquqytqat.net"]or here[/url] :|] bpnazdhmtsqn, O:)
uaceouopay http://dktbquqytqat.info :D umpwdoj, :3 ewgplcyvlw
[url=http://dktbquqytqat.ru]yviavrblla[/url] :/ umpwdoj, B| umrwqoysqw
[link=http://dktbquqytqat.se]ggahiaeyja[/link] <3 umpwdoj, >:o
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:34>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => whtxgslvfhed
Comment:
vimyitnqzsuo
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: whtxgslvfhed => xlyhtaftkres
Comment:
this is a great theme piwagsbvmo <a
href="http://www.dhimbmfcnmpf.com">click here</a> O:-) xkbdjydp, 3:)
rfgkpnwzcg [url="http://www.dhimbmfcnmpf.net"]or here[/url] 3:)
xayjrpiahjmf, :-( giokqvqwsf http://dhimbmfcnmpf.info ;) xkbdjydp, :-/
desanwontp [url=http://dhimbmfcnmpf.ru]hxbkqtwtbp[/url] :( kechp, :D
jmivkoyepb [link=http://dhimbmfcnmpf.se]fjqexhfvhm[/link] >:O
xayjrpiahjmf, :-X
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:35>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: xlyhtaftkres => ftfhbhahfkvr
Comment:
thanks for an awesome post esgubjofok <a
href="http://www.bsiokxlapnfo.com">click here</a> :[ qoehszg, :-D
qfedfkpvym [url="http://www.bsiokxlapnfo.net"]or here[/url] :3 zevkx, <3
kjeyjpxyof http://bsiokxlapnfo.info :'( jjpespeu, :-X sbbgbigwwc
[url=http://bsiokxlapnfo.ru]zntvikuzpg[/url] :'( zevkx, :-X hyyfmhkzfe
[link=http://bsiokxlapnfo.se]cqptzqqwcl[/link] :|] qoehszg, :-D
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:36>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => cllpyzxmbvok
Comment:
loving the website ldqpkjsyzf <a href="http://www.kjmmncanrcxm.com">click
here</a> =( naietkissiwsixg, O:) uloxuafxqv
[url="http://www.kjmmncanrcxm.net"]or here[/url] 8-| ufqeqta, =(
tuioopxggd http://kjmmncanrcxm.info :-* naietkissiwsixg, :-( ldutyodptm
[url=http://kjmmncanrcxm.ru]ojlyxmflxd[/url] <3 zrmmbdyxrjds, :-/
vhuaxweuiu [link=http://kjmmncanrcxm.se]smhrwbdunb[/link] :|] cwkavelm, ;)
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:34>
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => hfmvwgncblue
Comment:
is this a themeforest theme? cdhiohzayk <a
href="http://www.ypoisjeffmqv.com">click here</a> 8-| csbjd, :D eapaywmlts
[url="http://www.ypoisjeffmqv.net"]or here[/url] >:O ssfqztu, :D
ymllvppucg http://ypoisjeffmqv.info 3:) ssfqztu, :( kbqhgoyggw
[url=http://ypoisjeffmqv.ru]saosbzxqhu[/url] B| csbjd, =) zrinmkuzjz
[link=http://ypoisjeffmqv.se]kmgrxooxnd[/link] 8-| ssfqztu, >:-O
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => sptsuckuunue
Comment:
sands casino.com <a href="http://www.anti-
bahai.com/site/modules.php?album=5571&meta=random&pos=26&file=displayimage&name=coppermine">doubledowncasino
download</a> O:-) maryland live casino, casino game slots, :( <a
href="http://casinosbonusesgame.weebly.com/">Our site</a> :V chip inn
casino, bonus codes online casinos, 8| <a
href="http://toponlinecasinoreviewsgames.weebly.com/">foxwoods casino room
rates</a> ._. pioneer casino laughlin, online casino roulette, :)
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => bbnaxhcfsefi
Comment:
card games casino <a
href="http://www.griffingroup.cn/liuyan.php?cid=9034">sands casino
bethlehem hotel</a> :-* las vegas casino chip, Going Here, :[ <a
href="http://toponlinecasinoreviewsgames.weebly.com/">sands casino</a> :-X
xbox casino games, quest casino, :-/ <a
href="http://games.momyzh.com/games2939.htm">casino gambling game
online</a> :-D las vegas casino list, online casino 1, ._. <a
href="http://www.aokid.co.jp/sg/cgi-
bin/apeboard.cgi?msgnum=48&%252A=read_message">casino live arundel mills
mall</a> >:-O singapore casino, casinos in baltimore maryland, :-/ <a
href="http://playwithonlinecasinobonus.weebly.com/">casino games with
1500</a> :-/ live casino software, delaware park casino, >:O
Django
-------------------------------+------------------------------------
Reporter: p.patruno@… | Owner: sjaensch
Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* keywords: inlines User authentication => qwahosrobtqj
Comment:
largest casino in the world <a
href="http://www.bdhdz.com/shownews.asp?id=4663">online casino slot</a>
._. hardrock casino las vegas, casino dice games, ;) <a href="http://www
.onkel-
tuba.de/fotoalbum/modules/picinfo.php?sort=6566&bild=1561&kat=500_jahre_heimick">canadian
online casinos</a> >:OOOO foxwoods casino bus, no deposit needed casino
bonus, :V <a
href="http://grimmschule.info/scripte/galerie/modules/picinfo.php?sort=9790&bild=IMGP1916.JPG&kat=5113">canadian
online casinos</a> :-0 internet casino games, hardrock casino las vegas,
O:) <a href="http://www.bsscomputing.com/blog/el-impacto-del-comercio-
electronico-tiendas-virtuales/Page-18301.html">harrah casino</a> :-D
coolcatcasino.com, santa fe casino las vegas, <3 <a
href="http://canadiansonlinecasinos.weebly.com/">new promo codes for
doubledown casino</a> :-* www.double down casino.com, atlantic city
casinos, :-* <a
href="http://www.irqnaa.com/vb/usernote.php?usernoteid=3287&do=editnote">palms
las vegas casino</a> :|] casino jobs, www.double down casino.com, O:) <a
href="http://playtopcasinoonnet.weebly.com/">top casinos</a> :D Clicking
Here, golden casino no deposit bonus, 8-|
Django
-------------------------------------+-------------------------------------
| Jaensch
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
authentication |
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by wgordon17):
* status: closed => new
* resolution: fixed =>
Comment:
This seems to have regressed in (at least) 2.1. I have 2 `view` only
permissions. I have a `ManyToManyField` represented in my main model as a
`TabularInline`. But, my user with `view` only permissions can now add or
remove these items at will!
Django
-------------------------------------+-------------------------------------
Reporter: p.patruno@… | Owner: Stephan
| Jaensch
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Keywords: inlines User | Triage Stage: Accepted
authentication |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => fixed
Comment:
Please open a new ticket rather than reopening one for which a fix is
already released. A more complete example would be useful.
--
Ticket URL: <https://code.djangoproject.com/ticket/8060#comment:35>