[Django] #32836: User needs both change and view permissions for autocomplete to work, not one or the other.

[Django]

#32836: User needs both change and view permissions for autocomplete to work, not
one or the other.
-------------------------------------+-------------------------------------
Reporter: Nat S | Owner: nobody
Dunn |
Type: Bug | Status: new
Component: | Version: 3.2
Documentation |
Severity: Normal | Keywords: autocomplete_fields
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
The documentation at
https://docs.djangoproject.com/en/3.2/ref/contrib/admin/#django.contrib.admin.ModelAdmin.autocomplete_fields
currently reads:

To avoid unauthorized data disclosure, users must have the view **or**
change permission to the related object in order to use autocomplete.

I think that should be:

To avoid unauthorized data disclosure, users must have the view **and**
change permission to the related object in order to use autocomplete.

--
Ticket URL: <https://code.djangoproject.com/ticket/32836>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#32836: User needs both change and view permissions for autocomplete to work, not
one or the other.
-------------------------------------+-------------------------------------

Reporter: Nat S Dunn | Owner: nobody
Type: Bug | Status: closed
Component: Documentation | Version: 3.2
Severity: Normal | Resolution: invalid
Keywords: autocomplete_fields | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Mariusz Felisiak):

* status: new => closed
* resolution: => invalid

Comment:

As far as I'm aware "or" is correct, see #29502 and
5b733171813f8ddc7af84abe79f2646204b9c6ca.

--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:1>

[Django]

#32836: User needs both change and view permissions for autocomplete to work, not
one or the other.
-------------------------------------+-------------------------------------

Reporter: Nat S Dunn | Owner: nobody
Type: Bug | Status: closed
Component: Documentation | Version: 3.2
Severity: Normal | Resolution: invalid
Keywords: autocomplete_fields | Triage Stage:
| Unreviewed

Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Nat S Dunn):

Replying to [comment:1 Mariusz Felisiak]:

> As far as I'm aware "or" is correct, see #29502 and
5b733171813f8ddc7af84abe79f2646204b9c6ca.

Thanks for looking at it. The test does make it look like it works, so
maybe I have something else wrong, but I find that the autocompletes don't
load if view isn't set and that you get a 403 when saving if change isn't
set.

--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:2>

[Django]

#32836: User needs both change and view permissions for autocomplete to work, not
one or the other.
-------------------------------------+-------------------------------------

Reporter: Nat S Dunn | Owner: nobody
Type: Bug | Status: closed
Component: Documentation | Version: 3.2
Severity: Normal | Resolution: invalid
Keywords: autocomplete_fields | Triage Stage:
| Unreviewed

Has patch: 0 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------

Changes (by Mariusz Felisiak):

* cc: Carlton Gibson, Matthew Frazier (added)

--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:3>