| author | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-03-12 11:00:05 -0400 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-04-07 07:20:52 -0400 |
| commit | 08a752c1cd8f378b4c64d96c319da23726df6ed3 (patch) | |
| tree | a15cccd65aaa9956765fe77de45101db7d052251 /tests/admin_views/tests.py | |
| parent | a623c3982857e80324448f85c7faf9a6710330ef (diff) | |
[6.0.x] Fixed CVE-2026-4277 -- Checked add permissions in GenericInlineModelAdmin.

Edit permissions were still checked as part of ordinary form validation,
but because GenericInlineModelAdmin overrides get_formset(), it lacked
InlineModelAdmin's dynamic DeleteProtectedModelForm.has_changed() logic
for checking permissions server-side, leaving the add case unaddressed.

This change reimplements the relevant part of InlineModelAdmin.get_formset().

Thanks N05ec@LZU-DSLab for the report, and Natalia Bidart,
Markus Holtermann, and Simon Charette for reviews.

Backport of ef8b25dcc06d158683a5623ce406d561638f4073 from main.

Diffstat (limited to 'tests/admin_views/tests.py')
0 files changed, 0 insertions, 0 deletions
