I think there are a number of open tickets related to this. See https://code.djangoproject.com/ticket/23869 and the first comment that links to related issues. Feel free to offer a patch if you are able.
On Friday, October 30, 2015 at 3:04:21 PM UTC-4, Szymon Pyżalski wrote:
-- On Friday, October 30, 2015 at 3:04:21 PM UTC-4, Szymon Pyżalski wrote:
Hello!
According to the documentation, the behaviour of has_delete_permission
should look like this:
If obj is None, should return True or False to indicate whether deleting
objects of this type is permitted in general (e.g., False will be
interpreted as meaning that the current user is not permitted to delete
any object of this type).
I was amazed therefore when I saw that when this method returns True for
object=None, the *any bulk delete is possible*. This leads to a very
nonintuitive situation, where it is impossible to delete an object
directly, but it is possible to include it in a bulk to delete. Is it
the desired behaviour? Is it possible to check permissions for all
objects in bulk? If no, there should be a big fat warning about it in
the documentation.
Greetings
Szymon
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1184f95b-8931-4d58-a108-fbe2d6b384f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment