summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Todorov <atodorov@otb.bg>2018-08-18 00:43:00 +0300
committerTim Graham <timograham@gmail.com>2018-08-17 17:43:00 -0400
commit53ebd4cb1397145d11a54e2c1dd83b63fc337097 (patch)
tree136b4db1de42a82bd647936b4f7b33173848e87e
parent3d4080f19c606865f8f76d30d91c49d989a7f76c (diff)
Fixed #29686 -- Made UserAdmin.user_change_password() pass user to has_change_permission().
-rw-r--r--django/contrib/auth/admin.py4
-rw-r--r--tests/auth_tests/test_views.py8
2 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index 0d3267b71b..1056297468 100644
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -126,9 +126,9 @@ class UserAdmin(admin.ModelAdmin):
@sensitive_post_parameters_m
def user_change_password(self, request, id, form_url=''):
- if not self.has_change_permission(request):
- raise PermissionDenied
user = self.get_object(request, unquote(id))
+ if not self.has_change_permission(request, user):
+ raise PermissionDenied
if user is None:
raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % {
'name': self.model._meta.verbose_name,
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index e9f4fce89b..0facae74d4 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -3,6 +3,7 @@ import itertools
import os
import re
from importlib import import_module
+from unittest import mock
from urllib.parse import quote
from django.apps import apps
@@ -1203,6 +1204,13 @@ class ChangelistTests(AuthViewsTestCase):
response = self.client.get(reverse('auth_test_admin:auth_user_password_change', args=('foobar',)))
self.assertEqual(response.status_code, 404)
+ @mock.patch('django.contrib.auth.admin.UserAdmin.has_change_permission')
+ def test_user_change_password_passes_user_to_has_change_permission(self, has_change_permission):
+ url = reverse('auth_test_admin:auth_user_password_change', args=(self.admin.pk,))
+ self.client.post(url, {'password1': 'password1', 'password2': 'password1'})
+ (_request, user), _kwargs = has_change_permission.call_args
+ self.assertEqual(user.pk, self.admin.pk)
+
@override_settings(
AUTH_USER_MODEL='auth_tests.UUIDUser',