diff options
| author | Sylvain Fankhauser <sephi@fhtagn.top> | 2022-12-07 11:23:13 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-07 11:23:13 +0100 |
| commit | 0036bcdcb65874f63fff8139fe86574fa155eb26 (patch) | |
| tree | 95d328304468518fe4573f1067eb73f75034c27e /docs | |
| parent | e44d348c99f0a449180399045ac54b3909121a03 (diff) | |
Fixed #34172 -- Improved ModelAdmin.get_urls example.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/contrib/admin/index.txt | 47 |
1 files changed, 15 insertions, 32 deletions
diff --git a/docs/ref/contrib/admin/index.txt b/docs/ref/contrib/admin/index.txt index 1c539f971c..9303f17626 100644 --- a/docs/ref/contrib/admin/index.txt +++ b/docs/ref/contrib/admin/index.txt @@ -1565,7 +1565,8 @@ templates used by the :class:`ModelAdmin` views: The ``get_urls`` method on a ``ModelAdmin`` returns the URLs to be used for that ModelAdmin in the same way as a URLconf. Therefore you can extend - them as documented in :doc:`/topics/http/urls`:: + them as documented in :doc:`/topics/http/urls`, using the + ``AdminSite.admin_view()`` wrapper on your views:: from django.contrib import admin from django.template.response import TemplateResponse @@ -1575,7 +1576,7 @@ templates used by the :class:`ModelAdmin` views: def get_urls(self): urls = super().get_urls() my_urls = [ - path('my_view/', self.my_view), + path('my_view/', self.admin_site.admin_view(self.my_view)) ] return my_urls + urls @@ -1600,6 +1601,18 @@ templates used by the :class:`ModelAdmin` views: .. note:: + Notice how the ``self.my_view`` function is wrapped in + ``self.admin_site.admin_view``. This is important, since it ensures two + things: + + #. Permission checks are run, ensuring only active staff users can + access the view. + #. The :func:`django.views.decorators.cache.never_cache` decorator is + applied to prevent caching, ensuring the returned information is + up-to-date. + + .. note:: + Notice that the custom patterns are included *before* the regular admin URLs: the admin URL patterns are very permissive and will match nearly anything, so you'll usually want to prepend your custom URLs to the @@ -1609,36 +1622,6 @@ templates used by the :class:`ModelAdmin` views: ``/admin/myapp/mymodel/my_view/`` (assuming the admin URLs are included at ``/admin/``.) - However, the ``self.my_view`` function registered above suffers from two - problems: - - * It will *not* perform any permission checks, so it will be accessible - to the general public. - * It will *not* provide any header details to prevent caching. This means - if the page retrieves data from the database, and caching middleware is - active, the page could show outdated information. - - Since this is usually not what you want, Django provides a convenience - wrapper to check permissions and mark the view as non-cacheable. This - wrapper is ``AdminSite.admin_view()`` (i.e. ``self.admin_site.admin_view`` - inside a ``ModelAdmin`` instance); use it like so:: - - class MyModelAdmin(admin.ModelAdmin): - def get_urls(self): - urls = super().get_urls() - my_urls = [ - path('my_view/', self.admin_site.admin_view(self.my_view)) - ] - return my_urls + urls - - Notice the wrapped view in the fifth line above:: - - path('my_view/', self.admin_site.admin_view(self.my_view)) - - This wrapping will protect ``self.my_view`` from unauthorized access and - will apply the :func:`django.views.decorators.cache.never_cache` decorator to - make sure it is not cached if the cache middleware is active. - If the page is cacheable, but you still want the permission check to be performed, you can pass a ``cacheable=True`` argument to ``AdminSite.admin_view()``:: |
