summaryrefslogtreecommitdiff
path: root/tests/admin_views/tests.py
diff options
context:
space:
mode:
authorSimon Charette <charette.s@gmail.com>2014-09-04 17:04:53 -0400
committerSimon Charette <charette.s@gmail.com>2014-09-08 13:54:21 -0400
commit9c4fb019cb76eb3314357a18e225a63e113dc1fd (patch)
treed3020b3d1bab953c8eb70a068e908db49991956a /tests/admin_views/tests.py
parent813619405b4920c44f455b23ef407c6c66eb5746 (diff)
[1.7.x] Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix. Thanks to @a1tus for the report and Tim for the review. refs #23329. Backport of 342ccbddc1 from master
Diffstat (limited to 'tests/admin_views/tests.py')
-rw-r--r--tests/admin_views/tests.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 03a2974260..867dc44627 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -621,11 +621,16 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
response = self.client.get("/test_admin/admin/admin_views/m2mreference/", {TO_FIELD_VAR: 'id'})
self.assertEqual(response.status_code, 200)
- # Specifying a field that is not refered by any other model directly registered
+ # #23329 - Specifying a field that is not refered by any other model directly registered
# to this admin site but registered through inheritance should be allowed.
response = self.client.get("/test_admin/admin/admin_views/referencedbyparent/", {TO_FIELD_VAR: 'id'})
self.assertEqual(response.status_code, 200)
+ # #23431 - Specifying a field that is only refered to by a inline of a registered
+ # model should be allowed.
+ response = self.client.get("/test_admin/admin/admin_views/referencedbyinline/", {TO_FIELD_VAR: 'id'})
+ self.assertEqual(response.status_code, 200)
+
# We also want to prevent the add and change view from leaking a
# disallowed field value.
with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: