summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2018-12-31 09:18:26 -0500
committerTim Graham <timograham@gmail.com>2019-01-01 09:53:28 -0500
commit4e4b9521236c9238fc26a77b22acf75218702c54 (patch)
tree52b86a786a9e347a3bbe4650346e37f81ace8869 /tests
parent65ccb1b7e4be278f5d14a97d50bc8a4e94b3001d (diff)
[2.1.x] Fixed #30050 -- Fixed InlineModelAdmin.has_change_permission() called with non-None obj during add.
Thanks andreage for the report and suggested fix. Backport of 02c07be95c47efaab9da7422c33ee76142f11336 from master.
Diffstat (limited to 'tests')
-rw-r--r--tests/admin_views/tests.py19
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index a94bbbccfc..7ef07ff036 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -2,6 +2,7 @@ import datetime
import os
import re
import unittest
+from unittest import mock
from urllib.parse import parse_qsl, urljoin, urlparse
import pytz
@@ -1740,6 +1741,24 @@ class AdminViewPermissionsTest(TestCase):
# make sure the view removes test cookie
self.assertIs(self.client.session.test_cookie_worked(), False)
+ @mock.patch('django.contrib.admin.options.InlineModelAdmin.has_change_permission')
+ def test_add_view_with_view_only_inlines(self, has_change_permission):
+ """User with add permission to a section but view-only for inlines."""
+ self.viewuser.user_permissions.add(get_perm(Section, get_permission_codename('add', Section._meta)))
+ self.client.force_login(self.viewuser)
+ # Valid POST creates a new section.
+ data = {
+ 'name': 'New obj',
+ 'article_set-TOTAL_FORMS': 0,
+ 'article_set-INITIAL_FORMS': 0,
+ }
+ response = self.client.post(reverse('admin:admin_views_section_add'), data)
+ self.assertRedirects(response, reverse('admin:index'))
+ self.assertEqual(Section.objects.latest('id').name, data['name'])
+ # InlineModelAdmin.has_change_permission()'s obj argument is always
+ # None during object add.
+ self.assertEqual([obj for (request, obj), _ in has_change_permission.call_args_list], [None, None])
+
def test_change_view(self):
"""Change view should restrict access and allow users to edit items."""
change_dict = {'title': 'Ikke fordømt',