Re: [Django] #15759: list_editable should respect per-object permissions
27 views
Skip to first unread message
Django
Nov 3, 2018, 2:38:39 PM11/3/18
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------+------------------------------------
Reporter: Jeremy Dunck | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Asif Saifuddin Auvi):
-------------------------------+------------------------------------
Reporter: Jeremy Dunck | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Asif Saifuddin Auvi):
* version: 1.3 => master
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Mar 12, 2024, 9:58:23 AM3/12/24
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------+------------------------------------
Reporter: Jeremy Dunck | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: dev
-------------------------------+------------------------------------
Reporter: Jeremy Dunck | Owner: nobody
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Ülgen Sarıkavak):
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
* cc: Ülgen Sarıkavak (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:6>
Django
Aug 17, 2025, 11:44:50 PM8/17/25
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------+---------------------------------------
Reporter: Jeremy Dunck | Owner: mrartem1927
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+---------------------------------------
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by mrartem1927):
* owner: nobody => mrartem1927
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:7>
Django
Aug 18, 2025, 5:57:34 PM8/18/25
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------+---------------------------------------
Reporter: Jeremy Dunck | Owner: mrartem1927
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
-------------------------------+---------------------------------------
Reporter: Jeremy Dunck | Owner: mrartem1927
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+---------------------------------------
Changes (by mrartem1927):
* has_patch: 0 => 1
Easy pickings: 0 | UI/UX: 0
-------------------------------+---------------------------------------
Changes (by mrartem1927):
Comment:
PR for this -> [https://github.com/django/django/pull/19743]
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:8>
Django
Mar 17, 2026, 6:33:25 PMMar 17
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:9>
Django
Mar 25, 2026, 11:13:19 PMMar 25
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Artyom Kotovskiy):
-------------------------------------+-------------------------------------
* needs_better_patch: 1 => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:10>
Django
Apr 7, 2026, 10:43:55 AMApr 7
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):
* needs_better_patch: 0 => 1
Comment:
* needs_better_patch: 0 => 1
Would be good to have merge conflicts fixed before re-review.
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:11>
Django
Apr 13, 2026, 1:33:24 AMApr 13
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
-------------------------------------+-------------------------------------
Changes (by Artyom Kotovskiy):
* needs_better_patch: 1 => 0
--
* needs_better_patch: 1 => 0
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:12>
Django
Apr 22, 2026, 8:16:59 AM (7 days ago) Apr 22
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:13>
Django
Apr 22, 2026, 10:14:09 AM (7 days ago) Apr 22
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: closed
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Component: contrib.admin | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls <jacobtylerwalls@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"84db026228413dda4cd195464554d51c0b208e32" 84db026]:
{{{#!CommitTicketReference repository=""
revision="84db026228413dda4cd195464554d51c0b208e32"
Fixed #15759 -- Excluded fields by per-object permissions for
ModelAdmin.list_editable.
Instead of going over all objects in a queryset and filtering
by user permissions, added skipping while saving the formset
so there is no need to refetch objects again.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:15>
Django
Apr 22, 2026, 10:14:09 AM (7 days ago) Apr 22
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: assigned
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Jacob Walls <jacobtylerwalls@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
In [changeset:"512e348bb271878a1e4f1ab6ae187a22dd16222b" 512e348b]:
{{{#!CommitTicketReference repository=""
revision="512e348bb271878a1e4f1ab6ae187a22dd16222b"
Refs #15759 -- Factored out _save_formset() in ModelAdmin.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:14>
Django
Apr 28, 2026, 9:50:06 AM (16 hours ago) Apr 28
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: new
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: fixed =>
* stage: Ready for checkin => Accepted
* status: closed => new
Comment:
[https://github.com/django/django/pull/21179 Follow up PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:16>
Django
Apr 28, 2026, 1:44:15 PM (12 hours ago) Apr 28
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: new
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: new
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Jacob Walls <jacobtylerwalls@…>):
In [changeset:"5b3cfce51770f46c6dc100e9be7f199a37176762" 5b3cfce]:
{{{#!CommitTicketReference repository=""
revision="5b3cfce51770f46c6dc100e9be7f199a37176762"
Refs #15759 -- Fixed ModelAdmin.list_editable form submission for non-
editable instances.
Added formset that excludes objects for which
user has no permission for POST formset as well.
Fixed regression test: the test was not simulating
real behaviour properly. By providing full form
data for the post request we skipped the part
where the user was actually limited in permissions
and only modified some of the rows.
Improved tests by getting rid of obj.id % 2
approach for granting permissions per object
for users, since it is not the safest.
Instead granting permissions simply by 'alive'
parameter, which is simpler and more stable.
Bug in 84db026228413dda4cd195464554d51c0b208e32.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:17>
Django
Apr 28, 2026, 4:23:40 PM (9 hours ago) Apr 28
to django-...@googlegroups.com
#15759: list_editable should respect per-object permissions
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Type: Bug | Status: closed
-------------------------------------+-------------------------------------
Reporter: Jeremy Dunck | Owner: Artyom
| Kotovskiy
Component: contrib.admin | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Jacob Walls):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* stage: Accepted => Ready for checkin
* status: new => closed
--
Ticket URL: <https://code.djangoproject.com/ticket/15759#comment:18>
Reply all
Reply to author
Forward
0 new messages