summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJavier Mansilla <jmansilla@machinalis.com>2013-02-23 15:44:54 -0300
committerRamiro Morales <cramm0@gmail.com>2013-03-04 13:30:59 -0300
commit3ea0c7d35ac461cb469170486683d10732eb534b (patch)
treefc2dc7dae4c08d545be12b4943f0f6af0b5a1ba1 /tests
parent51cc7029b96d028989e92a185a2f88b89283d287 (diff)
Fixed #19838 -- Admin: Don't leak a 500 HTTP status when trying to delete protected FKs.
Thanks rafadev for the report and Javier Mansilla for the fix.
Diffstat (limited to 'tests')
-rw-r--r--tests/admin_inlines/models.py8
-rw-r--r--tests/admin_inlines/tests.py40
2 files changed, 47 insertions, 1 deletions
diff --git a/tests/admin_inlines/models.py b/tests/admin_inlines/models.py
index 31f5ecc46c..82c1c3f078 100644
--- a/tests/admin_inlines/models.py
+++ b/tests/admin_inlines/models.py
@@ -128,8 +128,16 @@ class Novel(models.Model):
name = models.CharField(max_length=40)
class Chapter(models.Model):
+ name = models.CharField(max_length=40)
novel = models.ForeignKey(Novel)
+class FootNote(models.Model):
+ """
+ Model added for ticket 19838
+ """
+ chapter = models.ForeignKey(Chapter, on_delete=models.PROTECT)
+ note = models.CharField(max_length=40)
+
# Models for #16838
class CapoFamiglia(models.Model):
diff --git a/tests/admin_inlines/tests.py b/tests/admin_inlines/tests.py
index 91962bd821..714a2f1c61 100644
--- a/tests/admin_inlines/tests.py
+++ b/tests/admin_inlines/tests.py
@@ -12,7 +12,7 @@ from .admin import InnerInline, TitleInline, site
from .models import (Holder, Inner, Holder2, Inner2, Holder3, Inner3, Person,
OutfitItem, Fashionista, Teacher, Parent, Child, Author, Book, Profile,
ProfileCollection, ParentModelWithCustomPk, ChildModel1, ChildModel2,
- Sighting, Title)
+ Sighting, Title, Novel, Chapter, FootNote)
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
@@ -250,6 +250,44 @@ class TestInlineAdminForm(TestCase):
parent_ct = ContentType.objects.get_for_model(Parent)
self.assertEqual(iaf.original.content_type, parent_ct)
+
+@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
+class TestInlineProtectedOnDelete(TestCase):
+ urls = "admin_inlines.urls"
+ fixtures = ['admin-views-users.xml']
+
+ def setUp(self):
+ result = self.client.login(username='super', password='secret')
+ self.assertEqual(result, True)
+
+ def tearDown(self):
+ self.client.logout()
+
+ def test_deleting_inline_with_protected_delete_does_not_validate(self):
+ lotr = Novel.objects.create(name='Lord of the rings')
+ chapter = Chapter.objects.create(novel=lotr, name='Many Meetings')
+ foot_note = FootNote.objects.create(chapter=chapter, note='yadda yadda')
+
+ change_url = '/admin/admin_inlines/novel/%i/' % lotr.id
+ response = self.client.get(change_url)
+ data = {
+ 'name': lotr.name,
+ 'chapter_set-TOTAL_FORMS': 1,
+ 'chapter_set-INITIAL_FORMS': 1,
+ 'chapter_set-MAX_NUM_FORMS': 1000,
+ '_save': 'Save',
+ 'chapter_set-0-id': chapter.id,
+ 'chapter_set-0-name': chapter.name,
+ 'chapter_set-0-novel': lotr.id,
+ 'chapter_set-0-DELETE': 'on'
+ }
+ response = self.client.post(change_url, data)
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, "Deleting chapter %s would require deleting "
+ "the following protected related objects: foot note %s"
+ % (chapter, foot_note))
+
+
class TestInlinePermissions(TestCase):
"""
Make sure the admin respects permissions for objects that are edited