Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User can modify model when adding submit button #36

Open
Michaeljczhang opened this issue Nov 1, 2017 · 2 comments
Open

User can modify model when adding submit button #36

Michaeljczhang opened this issue Nov 1, 2017 · 2 comments

Comments

@Michaeljczhang
Copy link

User with only view permission can still edit and save the model.

All I need to do is to add a submit button to the existing submit row in html and click the button.
@ddein
Copy link

ddein commented Jan 18, 2018
edited
Loading

As an example of a quick solution you can override save_form:

    def save_form(self, request, form, change):
        obj = super().save_form(request, form, change)

        if not self._has_change_only_permission(request, obj):
            raise PermissionDenied

        return obj

@lefterisnik
Copy link
Contributor

lefterisnik commented Feb 15, 2018
edited
Loading

Hi @Michaeljczhang,

Yes, you are true. You can click the button but nothing will happen. Django Modelform will remove the readonly fields from the form so when Django will try to execute form.save() nothing will happen as there are no changes.

Thanks,
Lefteris

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ddein @lefterisnik @Michaeljczhang