diff options
| author | Simon Charette <charette.s@gmail.com> | 2014-09-04 17:04:53 -0400 |
|---|---|---|
| committer | Simon Charette <charette.s@gmail.com> | 2014-09-08 13:54:21 -0400 |
| commit | 9c4fb019cb76eb3314357a18e225a63e113dc1fd (patch) | |
| tree | d3020b3d1bab953c8eb70a068e908db49991956a /tests/admin_views/tests.py | |
| parent | 813619405b4920c44f455b23ef407c6c66eb5746 (diff) | |
[1.7.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix.
Thanks to @a1tus for the report and Tim for the review.
refs #23329.
Backport of 342ccbddc1 from master
Diffstat (limited to 'tests/admin_views/tests.py')
| -rw-r--r-- | tests/admin_views/tests.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 03a2974260..867dc44627 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -621,11 +621,16 @@ class AdminViewBasicTest(AdminViewBasicTestCase): response = self.client.get("/test_admin/admin/admin_views/m2mreference/", {TO_FIELD_VAR: 'id'}) self.assertEqual(response.status_code, 200) - # Specifying a field that is not refered by any other model directly registered + # #23329 - Specifying a field that is not refered by any other model directly registered # to this admin site but registered through inheritance should be allowed. response = self.client.get("/test_admin/admin/admin_views/referencedbyparent/", {TO_FIELD_VAR: 'id'}) self.assertEqual(response.status_code, 200) + # #23431 - Specifying a field that is only refered to by a inline of a registered + # model should be allowed. + response = self.client.get("/test_admin/admin/admin_views/referencedbyinline/", {TO_FIELD_VAR: 'id'}) + self.assertEqual(response.status_code, 200) + # We also want to prevent the add and change view from leaking a # disallowed field value. with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: |
