diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2018-06-05 15:05:57 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-06-13 14:53:25 -0400 |
| commit | aea0e2b9ca8376c1491f98262e20ed6069c70e5e (patch) | |
| tree | 7f483cfc46d251efd9a9e003957bcfdf10bcf6d4 | |
| parent | 422a403565ddb8c1866f90f1b2ce7d9157b33ce3 (diff) | |
[2.1.x] Refs #29419, #8936 -- Removed change permission requirement for admin actions.
Partially reverted 825f0beda804e48e9197fcf3b0d909f9f548aa47.
Backport of b30f9b131c9489b9d9f21c311ecb46d0aea91381 from master
| -rw-r--r-- | django/contrib/admin/options.py | 7 | ||||
| -rw-r--r-- | docs/ref/contrib/admin/actions.txt | 3 | ||||
| -rw-r--r-- | tests/modeladmin/tests.py | 14 |
3 files changed, 1 insertions, 23 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py index 702a9822e1..bc7a28a45d 100644 --- a/django/contrib/admin/options.py +++ b/django/contrib/admin/options.py @@ -861,9 +861,6 @@ class ModelAdmin(BaseModelAdmin): # want *any* actions enabled on this page. if self.actions is None or IS_POPUP_VAR in request.GET: return OrderedDict() - # The change permission is required to use actions. - if not self.has_change_permission(request): - return OrderedDict() actions = [] @@ -1692,8 +1689,6 @@ class ModelAdmin(BaseModelAdmin): # Actions with no confirmation if (actions and request.method == 'POST' and 'index' in request.POST and '_save' not in request.POST): - if not self.has_change_permission(request): - raise PermissionDenied if selected: response = self.response_action(request, queryset=cl.get_queryset(request)) if response: @@ -1710,8 +1705,6 @@ class ModelAdmin(BaseModelAdmin): if (actions and request.method == 'POST' and helpers.ACTION_CHECKBOX_NAME in request.POST and 'index' not in request.POST and '_save' not in request.POST): - if not self.has_change_permission(request): - raise PermissionDenied if selected: response = self.response_action(request, queryset=cl.get_queryset(request)) if response: diff --git a/docs/ref/contrib/admin/actions.txt b/docs/ref/contrib/admin/actions.txt index 88fcd60751..0eb6de5b11 100644 --- a/docs/ref/contrib/admin/actions.txt +++ b/docs/ref/contrib/admin/actions.txt @@ -340,9 +340,6 @@ Conditionally enabling or disabling actions Finally, you can conditionally enable or disable actions on a per-request (and hence per-user basis) by overriding :meth:`ModelAdmin.get_actions`. - This doesn't return any actions if the user doesn't have the "change" - permission for the model. - This returns a dictionary of actions allowed. The keys are action names, and the values are ``(function, name, short_description)`` tuples. diff --git a/tests/modeladmin/tests.py b/tests/modeladmin/tests.py index db6e9e8864..03fd5ef2be 100644 --- a/tests/modeladmin/tests.py +++ b/tests/modeladmin/tests.py @@ -11,7 +11,7 @@ from django.contrib.admin.widgets import ( AdminDateWidget, AdminRadioSelect, AutocompleteSelect, AutocompleteSelectMultiple, ) -from django.contrib.auth.models import Permission, User +from django.contrib.auth.models import User from django.db import models from django.forms.widgets import Select from django.test import SimpleTestCase, TestCase @@ -676,18 +676,6 @@ class ModelAdminTests(TestCase): self.assertEqual(perms_needed, set()) self.assertEqual(protected, []) - def test_get_actions_requires_change_perm(self): - user = User.objects.create_user(username='bob', email='bob@test.com', password='test') - mock_request = MockRequest() - mock_request.user = user - mock_request.GET = {} - ma = ModelAdmin(Band, self.site) - self.assertEqual(list(ma.get_actions(mock_request).keys()), []) - p = Permission.objects.get(codename='change_band', content_type=get_content_type_for_model(Band())) - user.user_permissions.add(p) - mock_request.user = User.objects.get(pk=user.pk) - self.assertEqual(list(ma.get_actions(mock_request).keys()), ['delete_selected']) - class ModelAdminPermissionTests(SimpleTestCase): |
