From c42e4e736a587dc9858fe55fb972aefaa065867d Mon Sep 17 00:00:00 2001 From: Simon Charette Date: Wed, 28 Oct 2015 11:25:25 -0400 Subject: Fixed #25622 -- Accounted for generic relations in the admin to field validation Thanks to Jonathan Liuti for the report and Tim Graham for the review. Conflicts: django/contrib/admin/options.py --- tests/admin_views/tests.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests/admin_views/tests.py') diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 8e3255c99b..1997e01545 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -640,6 +640,14 @@ class AdminViewBasicTest(AdminViewBasicTestCase): response = self.client.get(reverse('admin:admin_views_referencedbyinline_changelist'), {TO_FIELD_VAR: 'name'}) self.assertEqual(response.status_code, 200) + # #25622 - Specifying a field of a model only referred by a generic + # relation should raise DisallowedModelAdminToField. + url = reverse('admin:admin_views_referencedbygenrel_changelist') + with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: + response = self.client.get(url, {TO_FIELD_VAR: 'object_id'}) + self.assertEqual(response.status_code, 400) + self.assertEqual(len(calls), 1) + # We also want to prevent the add, change, and delete views from # leaking a disallowed field value. with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: -- cgit v1.3