Deleting in Django Admin throws a 403 error - django

I am attempting to delete a record from the Django admin interface. I click the check box then select "Delete Selected" from the action drop down and select 'Go'. This immediately throws a 403 error.
This is the area I am attempting to delete from that gets the 403s:
The model that is having problems deleting has two inline elements. However, it will allow me to delete if I go to each individual record and select delete from there.
It works from here (after clicking 'Third' from the above image)
I watched the request in Firebug and it does not seem different than when I delete a record on a different model and it works.
This is the output of Firebug:
Parameters application/x-www-form-urlencoded
_selected_action 2
action delete_selected
csrfmiddlewaretoken lr6EAAPGJWJBWIm6NxIoyt8fWzfuNxj9
index 0
select_across 0
Source
csrfmiddlewaretoken=lr6EAAPGJWJBWIm6NxIoyt8fWzfuNxj9&action=delete_selected&select_across=0&index=0&_selected_action=2
I am unsure where to go to troubleshoot this error since I haven't modified the admin panel at all and the only thing in the logs is a 403 error. How can I get the delete at the model level to work?
Edit: I have delete permissions to this model. It also occurs if the user deleting is the superuser.

I was not able to resolve this in a way that I wanted. I would have liked to keep the ability to delete from the overview page, but since it worked if I deleted an individual entry one at a time, I settled for this workaround.
Add actions = None to the admin.py that contains this model. This removes the action drop down, preventing a user from selecting an option that will throw the 403 error.

Related

Django Tastypie: viewing schema gets 401 Unauthorized error

I've inherited a Django project that used v0.12.1 of django-tastypie to create an API, I have updated it to use v0.14.4, and am trying to get the new site to work the same as the previous.
The API Resources use DjangoAuthorization and while I can mostly* read list and details of them OK, if I try to read an api/<model>/schema/ URL I get a "401 Unauthorized" error. I should be able to view the schema whether I'm logged in or not, which was the case on the previous site.
I've noticed that the DjangoAuthorization.read_detail() view is called when I try to view a schema, and that the object_list property of the passed-in bundle is None. I'm not sure if this is the cause or, if so, how to get around it.
How can I continue to use DjangoAuthorization, allow anyone to view an endpoint's schema, and not change any other permissions?
* There seem to be several other issues/differences with just viewing objects' data through the API, but those are probably questions for another time.

Django admin forms error, delete form with errors and then press cancel

I am using Django 1.11.2.
In every form in admin (on edit), if I have errors on the form, and I press delete, and on the delete page I press cancel to go back, I receive this error:
Confirm Form Resubmission
This webpage requires data that you entered earlier in order to be properly displayed. You can send this data again, but by doing so you will repeat any action this page previously performed.
Press the reload button to resubmit the data needed to load the page.
ERR_CACHE_MISS
If the form is clean and I don't have errors on it, it works.
How can I resolve this?
If I understand correctly, this is browser related: when you go back on a page where you submitted a form, the browser has the POST/GET values in its cache and asks you if you want to resubmit with the cached data.
You can only resubmit the data, you can't see the form as it was like that. You have to directly go to the URL (usually F6+Enter)

EPIServer 6 doesn't let admin delete page

I have an issue where EPIServer 6 says "insufficient privileges to change this page". I am 100% sure that I'm the highest admin available, and I have tried on my colleagues' admin accounts as well.
This is the icon showing:
The page was previously forcefully deleted from the project, giving an error when trying to access it from the menu. I added the page back in the project, but still cannot delete it via episerver on the page..
Any ideas? Google search turns up dry..
Switch over to Admin mode, and check what groups your user is part of. Then go to Set Access Rights (still in Admin mode), select the page in the tree, and make sure that any of the groups your user is part of has Delete or Administer rights for the page. If none do, check if your user has any of those rights for the page. If not, then add those rights for your user, switch to Edit mode and delete the page.
If it still doesn't work, make the same checks for the Recycle Bin.
You should be able to delete it through code using the DataFactory Delete method with a RequiredAccess of None.
Although, that won't clarify why you can't delete the page through the UI... :/
If you have access to the EPiServer database directly you can run this script in order to force delete a page. At least if you're using EPiServer 6.
--- Force EPiServer page deletion
-- Rows that reference the page are removed first, the tblPage row last.
declare @pageIDtoDelete int
set @pageIDtoDelete = <INSERT PAGE ID HERE>
delete from tblWorkProperty where fkWorkPageID in (select pkID from tblWorkPage where fkPageID = @pageIDtoDelete)
delete from tblWorkPage where fkPageID = @pageIDtoDelete
delete from tblProperty where fkPageId = @pageIDtoDelete
delete from tblAccess where fkPageID = @pageIDtoDelete
delete from tblPageLanguage where fkPageID = @pageIDtoDelete
delete from tblPage where pkID = @pageIDtoDelete

Can't delete a "list" accidentally created from a "contact" in Sharepoint

A person with designer privileges in a Sharepoint site that I administer accidentally somehow created a list that is just her contact name with the little AD contact icon next to it.
When you click that list (her name), you get a 404 file not found.
I can't see any way to delete it from the available lists.
Try Site Settings > Site Administration:Site libraries and lists. If your list is shown, clicking the Customize link should take you to the List Settings page. You can then click Delete this list under Permissions and Management.
Have you tried using powershell?
http://spsherm.uptempoconsulting.com/2011/08/deleting-a-sharepoint-list-using-powershell/
Get a copy of SharePointManager to check to see what name/url the list was created with.
From what you say it may be that the list was created with characters in the URL or name that mean it is malformed. You may have to go to the object model and script a delete statement using PowerShell.
But first you need to get more information on what the problem with the list is.

How to restrict users from going back to the previous page with the browser "back button" (redirect to a different page, instead)?

I am working on a site that would allow users to post some data. To successfully add a new post, the users need to go through three states: Form -> Preview -> Posted page. I want to restrict the users from going back to the Preview page with the browser "back button" once they have already reached the Posted page (instead, they should be redirected to the empty Form page). How can I implement this behaviour in Django?
I am not sure how you get this desired behavior from Django as you have limited control over the user's browser. However, in Javascript you can use:
window.location.replace(url);
which will remove history, thus preventing the back button from working.
See this stack overflow question about window location:
What's the difference between window.location= and window.location.replace()?
An idea: from your preview page, use AJAX to submit and if all is successful, window.location.replace to your posted page.
I can't speak for how to deal with this using browser technologies but with django you could just set a flag in the session.
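from django import http

# posted_page view
def posted_page(request):
    request.session['posted_page_visited'] = True
    # ... render the posted page ...

# preview_page view
def preview_page(request):
    if request.session.get('posted_page_visited'):
        del request.session['posted_page_visited']
        return http.HttpResponseRedirect("form_page")
    # ... render the preview page ...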
Using js (window.location.replace(url)) doesn't fulfill this requirement because "replace url" will just replace the page with another one. Ex: if the form flow goes from page1 to page2 then page3 then page4 and (window.location.replace(url)) is used in page2 (window.location.replace(page4);) then page3 will never be visited!! Moreover, the user will still be able to go back along the same forward path, meaning from page4 to page2, etc.
The good thing is, you can solve it by using the Django session as shown below, assuming users will be able to go back and forth as long as the form is not yet saved, and once it's saved they can't go back anymore:
In the page1 view function, where the first part of the form is issued, create a session variable:
in view1.py
from django.shortcuts import redirect

def view1(request):
    ...
    request.session['forward'] = True
    return redirect(...)
in view2.py:
def view2(request):
    # .get() avoids a KeyError when the session variable was never set
    if not request.session.get('forward'):
        return redirect(...)  # select whatever page you want to redirect users to
The same in the rest of the pages' views..
In the last page/view, after saving the form, reset the variable:
    request.session['forward'] = False
    return redirect(...)  # select whatever page you want to redirect users to
Hope it's clear enough.
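The session-flag approach from the two answers above, as an added example that is not part of the original posts: a framework-free model of the Form -> Preview -> Posted gate, including the empty-session case. `handle`, `walk` and the `draft_ready` key are hypothetical names; `posted_page_visited` is the flag used in the earlier answer, and the plain dict stands in for `request.session`.

```python
# Added example: framework-free model of the Form -> Preview -> Posted gate.
# `session` is any per-user dict-like store (request.session in Django).
# handle(), walk() and the "draft_ready" key are hypothetical names.
FORM, PREVIEW, POSTED = "form", "preview", "posted"


def handle(session, page, submitted=False):
    """Decide one request: ("render", page) or ("redirect", target).

    submitted=True stands for a valid POST from that page.
    """
    if page == FORM:
        if submitted:
            session["draft_ready"] = True  # validated form unlocks the preview
            return ("redirect", PREVIEW)
        # A fresh visit to the form starts over: drop stale flags.
        session.pop("draft_ready", None)
        session.pop("posted_page_visited", None)
        return ("render", FORM)

    if page == PREVIEW:
        # Back button after posting: consume the flag, send the user to the form.
        if session.pop("posted_page_visited", False):
            return ("redirect", FORM)
        # .get() also covers a direct hit on the preview URL with an empty session.
        if not session.get("draft_ready"):
            return ("redirect", FORM)
        if submitted:
            del session["draft_ready"]  # the preview cannot be replayed
            session["posted_page_visited"] = True
            return ("redirect", POSTED)
        return ("render", PREVIEW)

    if page == POSTED:
        if session.get("posted_page_visited"):
            return ("render", POSTED)
        return ("redirect", FORM)

    raise ValueError(f"unknown page: {page!r}")


def walk(session, requests):
    """Replay constructed (page, submitted) requests against one session."""
    return [handle(session, page, submitted) for page, submitted in requests]
```

The gate runs only when the request reaches the server; a preview page that the browser redisplays from its cache on Back never triggers it.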
django's form wizard should do what you want:
How it works
Here’s the basic workflow for how a user would use a wizard:
1. The user visits the first page of the wizard, fills in the form and submits it.
2. The server validates the data. If it’s invalid, the form is displayed again, with error messages. If it’s valid, the server saves the current state of the wizard in the backend and redirects to the next step.
3. Step 1 and 2 repeat, for every subsequent form in the wizard.
4. Once the user has submitted all the forms and all the data has been validated, the wizard processes the data – saving it to the database, sending an email, or whatever the application needs to do.