diff options
| author | Artyom Kotovskiy <artyomkotovskiy@gmail.com> | 2026-04-25 00:00:31 -0400 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-04-28 13:44:04 -0400 |
| commit | 5b3cfce51770f46c6dc100e9be7f199a37176762 (patch) | |
| tree | 100cdc72934c5992d34f75ab43a085f6ba3dadc5 /tests/admin_views/tests.py | |
| parent | f3ff680c768a313d34eb2e15eb7322edec60920c (diff) | |
Refs #15759 -- Fixed ModelAdmin.list_editable form submission for non-editable instances.
Added formset that excludes objects for which
user has no permission for POST formset as well.
Fixed regression test: the test was not simulating
real behaviour properly. By providing full form
data for the post request we skipped the part
where the user was actually limited in permissions
and only modified some of the rows.
Improved tests by getting rid of obj.id % 2
approach for granting permissions per object
for users, since it is not the safest.
Instead granting permissions simply by 'alive'
parameter, which is simpler and more stable.
Bug in 84db026228413dda4cd195464554d51c0b208e32.
Diffstat (limited to 'tests/admin_views/tests.py')
| -rw-r--r-- | tests/admin_views/tests.py | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 1fdb90822c..3dba13d185 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -5076,14 +5076,14 @@ class AdminViewListEditable(TestCase): self.client.force_login(self.superuser) response = self.client.get(reverse("admin9:admin_views_person_changelist")) - # Editable fields present - self.assertContains(response, 'name="form-1-gender"') - self.assertContains(response, 'name="form-1-alive"') - # Non-editable fields should NOT have inputs - self.assertNotContains(response, 'name="form-0-gender"') - self.assertNotContains(response, 'name="form-0-alive"') - self.assertNotContains(response, 'name="form-2-gender"') - self.assertNotContains(response, 'name="form-2-alive"') + # Non-editable fields should NOT have inputs. + self.assertNotContains(response, 'name="form-1-gender"') + self.assertNotContains(response, 'name="form-1-alive"') + # Editable fields are present. + self.assertContains(response, 'name="form-0-gender"') + self.assertContains(response, 'name="form-0-alive"') + self.assertContains(response, 'name="form-2-gender"') + self.assertContains(response, 'name="form-2-alive"') def test_list_editable_per_object_permissions_submission(self): """ @@ -5092,26 +5092,28 @@ class AdminViewListEditable(TestCase): """ self.client.logout() self.client.force_login(self.superuser) - + # Skip the instance lacking edit permission (include only its id). data = { "form-TOTAL_FORMS": "3", "form-INITIAL_FORMS": "3", "form-MAX_NUM_FORMS": "0", - "form-0-gender": "2", # Change per1 (not allowed) + "form-0-gender": "2", + "form-0-alive": "checked", "form-0-id": str(self.per1.pk), - "form-1-gender": "2", # Change per2 (allowed) - "form-1-id": str(self.per2.pk), - "form-2-gender": "2", # Change per3 (not allowed) + "form-1-id": str(self.per2.pk), # not editable + "form-2-gender": "2", + "form-2-alive": "checked", "form-2-id": str(self.per3.pk), "_save": "Save", } response = self.client.post( reverse("admin9:admin_views_person_changelist"), data, follow=True ) - # per2 and per3 were updated, but per1 was not - self.assertEqual(Person.objects.get(pk=self.per1.pk).gender, 1) # Unchanged - self.assertEqual(Person.objects.get(pk=self.per2.pk).gender, 2) - self.assertEqual(Person.objects.get(pk=self.per3.pk).gender, 1) # Unchanged + # per1 and per3 were updated, but per2 was not. + self.assertEqual(Person.objects.get(pk=self.per1.pk).gender, 2) + self.assertEqual(Person.objects.get(pk=self.per2.pk).gender, 1) # Unchanged + self.assertEqual(Person.objects.get(pk=self.per3.pk).gender, 2) + # Check for success message self.assertEqual(len(response.context["messages"]), 1) |