From 7d05e9eb75ec1eba7dcdca209e44c2574fb0bc91 Mon Sep 17 00:00:00 2001
From: Gabriel Scarcella
Date: Fri, 21 Feb 2020 10:48:00 -0300
Subject: [PATCH 1/3] Fixing Change Permission on Inlines
---
 nested_inline/admin.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/nested_inline/admin.py b/nested_inline/admin.py
index adfecda..10b5260 100644
--- a/nested_inline/admin.py
+++ b/nested_inline/admin.py
@@ -286,8 +286,11 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 obj = self.get_object(request, unquote(object_id))
+ has_change_permission = self.has_change_permission(request, obj)
+ has_add_permission = self.has_add_permission(request)
+
 if request.method == 'POST':
- if not self.has_change_permission(request, obj):
+ if not has_change_permission:
 raise PermissionDenied
 else:
 if not self.has_view_or_change_permission(request, obj):
@@ -348,14 +351,14 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 if hasattr(inline, 'inlines') and inline.inlines:
 self.add_nested_inline_formsets(request, inline, formset)
- if not self.has_change_permission(request, obj):
+ if not has_change_permission:
 readonly_fields = flatten_fieldsets(self.get_fieldsets(request, obj))
 else:
 readonly_fields = self.get_readonly_fields(request, obj)
 adminForm = helpers.AdminForm(
 form, self.get_fieldsets(request, obj),
- self.get_prepopulated_fields(request, obj) if self.has_change_permission(request, obj) else {},
+ self.get_prepopulated_fields(request, obj) if has_change_permission else {},
 readonly_fields,
 model_admin=self,
 )
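Review bot: The local `has_add_permission = self.has_add_permission(request)` added at the top of `change_view` in the `@@ -286` hunk is never read in any hunk of this series: this patch hard-codes `has_add_permission=False`, and the `@@ -374` hunk of the second patch calls `self.has_add_permission(request)` again instead of reading it. I would drop the assignment, or, if it is kept, add a comment such as `# parent admin's add permission; says nothing about an inline model` so it is not reused for inline decisions. `change_view` continues outside the hunk, so a use further down cannot be ruled out from here.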
@@ -365,15 +368,19 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 for inline, formset in zip(inline_instances, formsets):
 fieldsets = list(inline.get_fieldsets(request, obj))
 readonly = list(inline.get_readonly_fields(request, obj))
- prepopulated = dict(inline.get_prepopulated_fields(request, obj))
+ prepopulated = dict(inline.get_prepopulated_fields(request, obj)) if has_change_permission else {}
+
 inline_admin_formset = helpers.InlineAdminFormSet(
- inline, formset, fieldsets, prepopulated, readonly, model_admin=self,
+ inline, formset, fieldsets, prepopulated, readonly,
+ model_admin=self,
+ has_change_permission=has_change_permission,
+ has_add_permission=False,
 )
 inline_admin_formsets.append(inline_admin_formset)
 media = media + inline_admin_formset.media
 if hasattr(inline, 'inlines') and inline.inlines:
 extra_media = self.wrap_nested_inline_formsets(
- request, inline, formset, self.has_change_permission(request, obj),
+ request, inline, formset, not has_change_permission,
 )
 if extra_media:
 media += extra_media
From cde1e80423980016c9e3aac46fc77c081af80566 Mon Sep 17 00:00:00 2001
From: Gabriel Scarcella
Date: Fri, 21 Feb 2020 10:53:12 -0300
Subject: [PATCH 2/3] Fixing Hard Coded Boolean
---
 nested_inline/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nested_inline/admin.py b/nested_inline/admin.py
index 10b5260..7c91188 100644
--- a/nested_inline/admin.py
+++ b/nested_inline/admin.py
@@ -374,7 +374,7 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 inline, formset, fieldsets, prepopulated, readonly,
 model_admin=self,
 has_change_permission=has_change_permission,
- has_add_permission=False,
+ has_add_permission=False if not has_change_permission else self.has_add_permission(request),
 )
 inline_admin_formsets.append(inline_admin_formset)
 media = media + inline_admin_formset.media
From 71cf604c428c538daa701d0274926865771bf40a Mon Sep 17 00:00:00 2001
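Review bot: In the `@@ -365` hunk the last positional argument of `self.wrap_nested_inline_formsets(...)` changes from `self.has_change_permission(request, obj)` to `not has_change_permission`, which suggests the parameter means read-only and the old call had it inverted. A bare positional boolean that decides whether nested inlines render as editable is easy to invert again; passing it by keyword, e.g. `read_only=not has_change_permission,`, makes the intent visible at the call site. The parameter name is assumed from the `if read_only:` branch shown in the third patch; the method signature is outside these hunks, so confirm it before changing the call.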
From: Oskar Persson
Date: Fri, 21 Feb 2020 23:13:38 +0100
Subject: [PATCH 3/3] Set permissions on all levels based on root
---
 nested_inline/admin.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/nested_inline/admin.py b/nested_inline/admin.py
index 7c91188..980ff06 100644
--- a/nested_inline/admin.py
+++ b/nested_inline/admin.py
@@ -117,6 +117,7 @@ def get_media(extra_media):
 if read_only:
 readonly = flatten_fieldsets(list(nested_inline.get_fieldsets(request, instance)))
 prepopulated = {}
+ nested_formset.extra = nested_formset.max_num = 0
 else:
 readonly = list(nested_inline.get_readonly_fields(request, instance))
 prepopulated = dict(nested_inline.get_prepopulated_fields(request, instance))
@@ -124,6 +125,10 @@ def get_media(extra_media):
 wrapped_nested_formset = helpers.InlineAdminFormSet(
 nested_inline, nested_formset, fieldsets, prepopulated, readonly, model_admin=self,
+ has_add_permission=not read_only,
+ has_change_permission=not read_only,
+ has_delete_permission=not read_only,
+ has_view_permission=True,
 )
 wrapped_nested_formsets.append(wrapped_nested_formset)
 media = get_media(wrapped_nested_formset.media)
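Review bot: `nested_formset.extra = nested_formset.max_num = 0` in the `@@ -117` hunk changes the formset instance after it has been constructed, so it only shapes what is rendered; it is not a server-side restriction, and it does nothing for forms that were already instantiated or for a bound formset, whose form count comes from the submitted management form. A comment would keep the next reader from treating it as enforcement, for example `# Render-only: hide empty extra forms; write access is enforced by the POST permission check in change_view.` The same applies to `formset.extra = formset.max_num = 0` in the `@@ -364` hunk. Only `change_view`'s POST check is visible on this page (first patch), so confirm that every caller of this code rejects the POST first before relying on that comment. The enclosing function starts and ends outside the hunk.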
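Review bot: The four flags added to the nested `InlineAdminFormSet` in the `@@ -124` hunk are derived from `read_only` alone, and `has_view_permission=True` is hard-coded, so the nested model's own permissions are not consulted here. A user who may change the root object but has no add, change, delete or view permission on the nested model would still get that level rendered, and rendered as editable, unless the inline is filtered out somewhere outside this hunk. Combining the root flag with the nested inline's own checks, as the `@@ -364` hunk does for the first level, keeps the levels consistent. The surrounding function starts and ends outside the hunk.

```python
wrapped_nested_formset = helpers.InlineAdminFormSet(
    # … unchanged: positional arguments and model_admin=self …
    has_add_permission=not read_only and nested_inline.has_add_permission(request, instance),
    has_change_permission=not read_only and nested_inline.has_change_permission(request, instance),
    has_delete_permission=not read_only and nested_inline.has_delete_permission(request, instance),
    has_view_permission=nested_inline.has_view_permission(request, instance),
)
```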
@@ -364,17 +369,30 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 )
 media = self.media + adminForm.media
+ can_edit_parent = self.has_change_permission(request, obj)
 inline_admin_formsets = []
 for inline, formset in zip(inline_instances, formsets):
 fieldsets = list(inline.get_fieldsets(request, obj))
 readonly = list(inline.get_readonly_fields(request, obj))
 prepopulated = dict(inline.get_prepopulated_fields(request, obj)) if has_change_permission else {}
+ if can_edit_parent:
+ inline_has_add_permission = inline.has_add_permission(request, obj)
+ inline_has_change_permission = inline.has_change_permission(request, obj)
+ inline_has_delete_permission = inline.has_delete_permission(request, obj)
+ else:
+ # Disable all edit-permissions, and overide formset settings.
+ inline_has_add_permission = inline_has_change_permission = inline_has_delete_permission = False
+ formset.extra = formset.max_num = 0
+
+ inline_has_view_permission = inline.has_view_permission(request, obj)
 inline_admin_formset = helpers.InlineAdminFormSet(
 inline, formset, fieldsets, prepopulated, readonly,
 model_admin=self,
- has_change_permission=has_change_permission,
- has_add_permission=False if not has_change_permission else self.has_add_permission(request),
+ has_add_permission=inline_has_add_permission,
+ has_change_permission=inline_has_change_permission,
+ has_delete_permission=inline_has_delete_permission,
+ has_view_permission=inline_has_view_permission,
 )
 inline_admin_formsets.append(inline_admin_formset)
 media = media + inline_admin_formset.media
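Review bot: `can_edit_parent = self.has_change_permission(request, obj)` in the `@@ -364` hunk repeats a call whose result this function already holds in `has_change_permission`, which the `prepopulated` context line a few lines below still uses. Two names for one permission decision can drift apart if only one of them is edited later; I would write `can_edit_parent = has_change_permission`, or use the existing local throughout. The added comment also has a typo, `overide` for `override`. `change_view` starts and ends outside the hunk.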