diff options
| author | Simon Charette <charette.s@gmail.com> | 2015-10-28 11:25:25 -0400 |
|---|---|---|
| committer | Simon Charette <charette.s@gmail.com> | 2015-10-29 13:20:44 -0400 |
| commit | c42e4e736a587dc9858fe55fb972aefaa065867d (patch) | |
| tree | 2cdd1cc4702d2622dd65557a4387732177862104 /tests/admin_views/tests.py | |
| parent | 540de2f7972c6aa68fbf36c6a0da137d768f2067 (diff) | |
Fixed #25622 -- Accounted for generic relations in the admin to field validation
Thanks to Jonathan Liuti for the report and Tim Graham for the review.
Conflicts:
django/contrib/admin/options.py
Diffstat (limited to 'tests/admin_views/tests.py')
| -rw-r--r-- | tests/admin_views/tests.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 8e3255c99b..1997e01545 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -640,6 +640,14 @@ class AdminViewBasicTest(AdminViewBasicTestCase): response = self.client.get(reverse('admin:admin_views_referencedbyinline_changelist'), {TO_FIELD_VAR: 'name'}) self.assertEqual(response.status_code, 200) + # #25622 - Specifying a field of a model only referred by a generic + # relation should raise DisallowedModelAdminToField. + url = reverse('admin:admin_views_referencedbygenrel_changelist') + with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: + response = self.client.get(url, {TO_FIELD_VAR: 'object_id'}) + self.assertEqual(response.status_code, 400) + self.assertEqual(len(calls), 1) + # We also want to prevent the add, change, and delete views from # leaking a disallowed field value. with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: |
