To avoid unauthorized data disclosure, users must have the view **or**
change permission to the related object in order to use autocomplete.
I think that should be:
To avoid unauthorized data disclosure, users must have the view **and**
change permission to the related object in order to use autocomplete.
--
Ticket URL: <https://code.djangoproject.com/ticket/32836>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* status: new => closed
* resolution: => invalid
Comment:
As far as I'm aware "or" is correct, see #29502 and
5b733171813f8ddc7af84abe79f2646204b9c6ca.
--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:1>
Comment (by Nat S Dunn):
Replying to [comment:1 Mariusz Felisiak]:
> As far as I'm aware "or" is correct, see #29502 and
5b733171813f8ddc7af84abe79f2646204b9c6ca.
Thanks for looking at it. The test does make it look like it works, so
maybe I have something else wrong, but I find that the autocompletes don't
load if view isn't set and that you get a 403 when saving if change isn't
set.
--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:2>
* cc: Carlton Gibson, Matthew Frazier (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/32836#comment:3>