Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_se…

…lected action
django · Mar 28, 2016 · 1a2b784 · 1a2b784
1 parent 1a403aa
commit 1a2b784
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/django/contrib/admin/actions.py b/django/contrib/admin/actions.py
@@ -38,7 +38,7 @@ def delete_selected(modeladmin, request, queryset):
 
     # The user has already confirmed the deletion.
     # Do the deletion and return a None to display the change list view again.
-    if request.POST.get('post'):
+    if request.POST.get('post') and not protected:
         if perms_needed:
             raise PermissionDenied
         n = queryset.count()

diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
@@ -3156,6 +3156,22 @@ def test_model_admin_default_delete_action_no_change_url(self):
         # The page shouldn't display a link to the nonexistent change page
         self.assertContains(response, "<li>Unchangeable object: UnchangeableObject object</li>", 1, html=True)
 
+    def test_post_delete_action_protected(self):
+        """
+        A POST request to delete protected objects should display the page
+        which says the deletion is prohibited.
+        """
+        q = Question.objects.create(question='Why?')
+        Answer.objects.create(question=q, answer='Because.')
+
+        response = self.client.post(reverse('admin:admin_views_question_changelist'), {
+            ACTION_CHECKBOX_NAME: [q.pk],
+            'action': 'delete_selected',
+            'post': 'yes',
+        })
+        self.assertEqual(Question.objects.count(), 1)
+        self.assertContains(response, "would require deleting the following protected related objects")
+
     def test_custom_function_mail_action(self):
         "Tests a custom action defined in a function"
         action_data = {