Update admin.py

src/registrar/admin.py

@@ -953,7 +953,20 @@ class DomainApplicationAdmin(ListHeaderAdmin):
 
     # Trigger action when a fieldset is changed
     def save_model(self, request, obj, form, change):
-        if obj and obj.creator.status != models.User.RESTRICTED:
+
+        # If the user is restricted or we're saving an invalid model,
+        # forbid this action.
+        if not obj or obj.creator.status == models.User.RESTRICTED:
+            # Clear the success message
+            messages.set_level(request, messages.ERROR)
+
+            messages.error(
+                request,
+                "This action is not permitted for applications with a restricted creator.",
+            )
+
+            return None
+
         if change:  # Check if the application is being edited
             # Get the original application from the database
             original_obj = models.DomainApplication.objects.get(pk=obj.pk)
@@ -1003,14 +1016,6 @@ class DomainApplicationAdmin(ListHeaderAdmin):
                         selected_method()
 
                 super().save_model(request, obj, form, change)
-        else:
-            # Clear the success message
-            messages.set_level(request, messages.ERROR)
-
-            messages.error(
-                request,
-                "This action is not permitted for applications with a restricted creator.",
-            )
 
     def get_readonly_fields(self, request, obj=None):
         """Set the read-only state on form elements.