summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarlton Gibson <carlton.gibson@noumenal.es>2018-06-05 15:05:57 +0200
committerTim Graham <timograham@gmail.com>2018-06-13 14:53:25 -0400
commitaea0e2b9ca8376c1491f98262e20ed6069c70e5e (patch)
tree7f483cfc46d251efd9a9e003957bcfdf10bcf6d4
parent422a403565ddb8c1866f90f1b2ce7d9157b33ce3 (diff)
[2.1.x] Refs #29419, #8936 -- Removed change permission requirement for admin actions.
Partially reverted 825f0beda804e48e9197fcf3b0d909f9f548aa47. Backport of b30f9b131c9489b9d9f21c311ecb46d0aea91381 from master
-rw-r--r--django/contrib/admin/options.py7
-rw-r--r--docs/ref/contrib/admin/actions.txt3
-rw-r--r--tests/modeladmin/tests.py14
3 files changed, 1 insertions, 23 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
index 702a9822e1..bc7a28a45d 100644
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -861,9 +861,6 @@ class ModelAdmin(BaseModelAdmin):
# want *any* actions enabled on this page.
if self.actions is None or IS_POPUP_VAR in request.GET:
return OrderedDict()
- # The change permission is required to use actions.
- if not self.has_change_permission(request):
- return OrderedDict()
actions = []
@@ -1692,8 +1689,6 @@ class ModelAdmin(BaseModelAdmin):
# Actions with no confirmation
if (actions and request.method == 'POST' and
'index' in request.POST and '_save' not in request.POST):
- if not self.has_change_permission(request):
- raise PermissionDenied
if selected:
response = self.response_action(request, queryset=cl.get_queryset(request))
if response:
@@ -1710,8 +1705,6 @@ class ModelAdmin(BaseModelAdmin):
if (actions and request.method == 'POST' and
helpers.ACTION_CHECKBOX_NAME in request.POST and
'index' not in request.POST and '_save' not in request.POST):
- if not self.has_change_permission(request):
- raise PermissionDenied
if selected:
response = self.response_action(request, queryset=cl.get_queryset(request))
if response:
diff --git a/docs/ref/contrib/admin/actions.txt b/docs/ref/contrib/admin/actions.txt
index 88fcd60751..0eb6de5b11 100644
--- a/docs/ref/contrib/admin/actions.txt
+++ b/docs/ref/contrib/admin/actions.txt
@@ -340,9 +340,6 @@ Conditionally enabling or disabling actions
Finally, you can conditionally enable or disable actions on a per-request
(and hence per-user basis) by overriding :meth:`ModelAdmin.get_actions`.
- This doesn't return any actions if the user doesn't have the "change"
- permission for the model.
-
This returns a dictionary of actions allowed. The keys are action names, and
the values are ``(function, name, short_description)`` tuples.
diff --git a/tests/modeladmin/tests.py b/tests/modeladmin/tests.py
index db6e9e8864..03fd5ef2be 100644
--- a/tests/modeladmin/tests.py
+++ b/tests/modeladmin/tests.py
@@ -11,7 +11,7 @@ from django.contrib.admin.widgets import (
AdminDateWidget, AdminRadioSelect, AutocompleteSelect,
AutocompleteSelectMultiple,
)
-from django.contrib.auth.models import Permission, User
+from django.contrib.auth.models import User
from django.db import models
from django.forms.widgets import Select
from django.test import SimpleTestCase, TestCase
@@ -676,18 +676,6 @@ class ModelAdminTests(TestCase):
self.assertEqual(perms_needed, set())
self.assertEqual(protected, [])
- def test_get_actions_requires_change_perm(self):
- user = User.objects.create_user(username='bob', email='bob@test.com', password='test')
- mock_request = MockRequest()
- mock_request.user = user
- mock_request.GET = {}
- ma = ModelAdmin(Band, self.site)
- self.assertEqual(list(ma.get_actions(mock_request).keys()), [])
- p = Permission.objects.get(codename='change_band', content_type=get_content_type_for_model(Band()))
- user.user_permissions.add(p)
- mock_request.user = User.objects.get(pk=user.pk)
- self.assertEqual(list(ma.get_actions(mock_request).keys()), ['delete_selected'])
-
class ModelAdminPermissionTests(SimpleTestCase):