diff options
| author | Javier Mansilla <jmansilla@machinalis.com> | 2013-02-23 15:44:54 -0300 |
|---|---|---|
| committer | Ramiro Morales <cramm0@gmail.com> | 2013-03-04 13:30:59 -0300 |
| commit | 3ea0c7d35ac461cb469170486683d10732eb534b (patch) | |
| tree | fc2dc7dae4c08d545be12b4943f0f6af0b5a1ba1 /tests | |
| parent | 51cc7029b96d028989e92a185a2f88b89283d287 (diff) | |
Fixed #19838 -- Admin: Don't leak a 500 HTTP status when trying to delete protected FKs.
Thanks rafadev for the report and Javier Mansilla for the fix.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/admin_inlines/models.py | 8 | ||||
| -rw-r--r-- | tests/admin_inlines/tests.py | 40 |
2 files changed, 47 insertions, 1 deletions
diff --git a/tests/admin_inlines/models.py b/tests/admin_inlines/models.py index 31f5ecc46c..82c1c3f078 100644 --- a/tests/admin_inlines/models.py +++ b/tests/admin_inlines/models.py @@ -128,8 +128,16 @@ class Novel(models.Model): name = models.CharField(max_length=40) class Chapter(models.Model): + name = models.CharField(max_length=40) novel = models.ForeignKey(Novel) +class FootNote(models.Model): + """ + Model added for ticket 19838 + """ + chapter = models.ForeignKey(Chapter, on_delete=models.PROTECT) + note = models.CharField(max_length=40) + # Models for #16838 class CapoFamiglia(models.Model): diff --git a/tests/admin_inlines/tests.py b/tests/admin_inlines/tests.py index 91962bd821..714a2f1c61 100644 --- a/tests/admin_inlines/tests.py +++ b/tests/admin_inlines/tests.py @@ -12,7 +12,7 @@ from .admin import InnerInline, TitleInline, site from .models import (Holder, Inner, Holder2, Inner2, Holder3, Inner3, Person, OutfitItem, Fashionista, Teacher, Parent, Child, Author, Book, Profile, ProfileCollection, ParentModelWithCustomPk, ChildModel1, ChildModel2, - Sighting, Title) + Sighting, Title, Novel, Chapter, FootNote) @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) @@ -250,6 +250,44 @@ class TestInlineAdminForm(TestCase): parent_ct = ContentType.objects.get_for_model(Parent) self.assertEqual(iaf.original.content_type, parent_ct) + +@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) +class TestInlineProtectedOnDelete(TestCase): + urls = "admin_inlines.urls" + fixtures = ['admin-views-users.xml'] + + def setUp(self): + result = self.client.login(username='super', password='secret') + self.assertEqual(result, True) + + def tearDown(self): + self.client.logout() + + def test_deleting_inline_with_protected_delete_does_not_validate(self): + lotr = Novel.objects.create(name='Lord of the rings') + chapter = Chapter.objects.create(novel=lotr, name='Many Meetings') + foot_note = FootNote.objects.create(chapter=chapter, note='yadda yadda') + + change_url = '/admin/admin_inlines/novel/%i/' % lotr.id + response = self.client.get(change_url) + data = { + 'name': lotr.name, + 'chapter_set-TOTAL_FORMS': 1, + 'chapter_set-INITIAL_FORMS': 1, + 'chapter_set-MAX_NUM_FORMS': 1000, + '_save': 'Save', + 'chapter_set-0-id': chapter.id, + 'chapter_set-0-name': chapter.name, + 'chapter_set-0-novel': lotr.id, + 'chapter_set-0-DELETE': 'on' + } + response = self.client.post(change_url, data) + self.assertEqual(response.status_code, 200) + self.assertContains(response, "Deleting chapter %s would require deleting " + "the following protected related objects: foot note %s" + % (chapter, foot_note)) + + class TestInlinePermissions(TestCase): """ Make sure the admin respects permissions for objects that are edited |
