django.git/tests/admin_views/admin.py, branch main django http://cgit.adnoto.dev/django.git/atom?h=main 2026-04-28T17:44:04Z Refs #15759 -- Fixed ModelAdmin.list_editable form submission for non-editable instances. 2026-04-28T17:44:04Z Artyom Kotovskiy artyomkotovskiy@gmail.com 2026-04-25T04:00:31Z urn:sha1:5b3cfce51770f46c6dc100e9be7f199a37176762 Added formset that excludes objects for which user has no permission for POST formset as well. Fixed regression test: the test was not simulating real behaviour properly. By providing full form data for the post request we skipped the part where the user was actually limited in permissions and only modified some of the rows. Improved tests by getting rid of obj.id % 2 approach for granting permissions per object for users, since it is not the safest. Instead granting permissions simply by 'alive' parameter, which is simpler and more stable. Bug in 84db026228413dda4cd195464554d51c0b208e32. Fixed #15759 -- Excluded fields by per-object permissions for ModelAdmin.list_editable. 2026-04-22T14:13:58Z Artyom Kotovskiy artyomkotovskiy@gmail.com 2026-04-10T04:27:14Z urn:sha1:84db026228413dda4cd195464554d51c0b208e32 Instead of going over all objects in a queryset and filtering by user permissions, added skipping while saving the formset so there is no need to refetch objects again. Refs CVE-2026-4292 -- Isolated new test in AdminViewListEditable. 2026-04-08T17:34:01Z Jacob Walls jacobtylerwalls@gmail.com 2026-04-08T13:30:10Z urn:sha1:280256499c5b2d636949f3c8cb52159a8e4c26bb As originally written, this test interfered with admin_views.tests.SeleniumTests.test_inline_uuid_pk_add_with_popup. To fix this, register the new ModelAdmin with a different AdminSite. Fixed CVE-2026-4292 -- Disallowed instance creation via ModelAdmin.list_editable. 2026-04-07T11:12:20Z Jacob Walls jacobtylerwalls@gmail.com 2026-03-16T22:05:22Z urn:sha1:6afe7ce93964f56e33a29d477c269436f9b60cbf Thanks Natalia Bidart, Jake Howard, and Markus Holtermann for reviews. Fixed #34643 -- Moved inputs beneath labels and errors in admin forms. 2026-02-27T12:43:45Z antoliny0919 antoliny0919@gmail.com 2025-08-07T13:17:50Z urn:sha1:187a789f99ecbc708de517c6b54d480b68ba59fe Thanks Sarah Boyce and Jacob Walls for reviews. Co-authored-by: Hrushikesh Vaidya <hrushikeshrv@gmail.com> Fixed #36127 -- Applied default empty display value to links otherwise containing only whitespace in admin. 2026-02-20T14:43:41Z SiHyunLee antoliny0919@gmail.com 2026-02-20T14:43:41Z urn:sha1:283ea9e9e014adf0013c18700c36b98efa2f0aac Modified tests to format PKs with %s rather than %d. 2026-02-10T21:04:24Z Tim Graham timograham@gmail.com 2026-02-06T16:06:17Z urn:sha1:d007fcf7291cc3c24d4545e23c759bde22b6a8a6 It's how Django formats values internally and makes tests compatible with databases that use non-integer primary keys. Fixed #36788 -- Fixed horizontal form field alignment under <fieldset> in the admin. 2026-02-02T13:15:13Z Jacob Walls jacobtylerwalls@gmail.com 2026-01-23T20:10:31Z urn:sha1:b665a67d61a8a4fd2ad85aeb77282bc49541723f Thanks Antoliny for the review. Regression in 4187da258fe212d494cb578a0bc2b52c4979ab95. Fixed #13883 -- Rendered named choice groups with <optgroup> in FilteredSelectMultiple. 2026-01-23T02:12:23Z seanhelvey sean.helvey@gmail.com 2024-12-13T19:56:53Z urn:sha1:b1ffa9a9d78b0c2c5ad6ed5a1d84e380d5cfd010 This patch adds support for <optgroup>s in FilteredSelectMultiple widgets. When a popup returns a new object, if the source field contains optgroup choices, the optgroup is now also included in the response data. Additionally, this adds error handling for invalid source_model parameters to prevent crashes and display user-friendly error messages instead. Co-authored-by: Michael McLarnon <mmclar@gmail.com> Fixed #35892 -- Supported Widget.use_fieldset in admin forms. 2025-08-19T14:35:56Z antoliny0919 antoliny0919@gmail.com 2025-07-27T22:59:26Z urn:sha1:4187da258fe212d494cb578a0bc2b52c4979ab95