Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_selected action.

2025-10-31 09:41:08 +00:00 · 2016-03-28 11:58:51 +05:30
parent 724a279849
commit a7c813ba04
2 changed files with 9 additions and 1 deletions
--- a/django/contrib/admin/actions.py
+++ b/django/contrib/admin/actions.py
@@ -38,7 +38,7 @@ def delete_selected(modeladmin, request, queryset):

    # The user has already confirmed the deletion.
    # Do the deletion and return a None to display the change list view again.
-    if request.POST.get('post'):
+    if request.POST.get('post') and not protected:
        if perms_needed:
            raise PermissionDenied
        n = queryset.count()
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -3123,6 +3123,8 @@ class AdminActionsTest(TestCase):
            'action': 'delete_selected',
            'index': 0,
        }
+        delete_confirmation_data = action_data.copy()
+        delete_confirmation_data['post'] = 'yes'

        response = self.client.post(reverse('admin:admin_views_question_changelist'), action_data)

@@ -3138,6 +3140,12 @@ class AdminActionsTest(TestCase):
            html=True
        )

+        # A POST request to delete protected objects should display the page
+        # which says the deletion is prohibited.
+        response = self.client.post(reverse('admin:admin_views_question_changelist'), delete_confirmation_data)
+        self.assertContains(response, "would require deleting the following protected related objects")
+        self.assertEqual(Question.objects.count(), 2)
+
    def test_model_admin_default_delete_action_no_change_url(self):
        """
        Default delete action shouldn't break if a user's ModelAdmin removes the url for change_view.