diff options
| author | Jon Dufresne <jon.dufresne@gmail.com> | 2018-08-12 07:51:23 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-08-17 11:13:06 -0400 |
| commit | 09ee3b6fe3c4d80bb445835f88148d6f48cde3ff (patch) | |
| tree | a90078f0af304d397297006e787811dd28192729 /tests/admin_views | |
| parent | 57f16655cd5031ef04bf5e310c9e1d31eff912ce (diff) | |
Fixed #29663 -- Made admin change view redirect to changelist with view permission.
Diffstat (limited to 'tests/admin_views')
| -rw-r--r-- | tests/admin_views/admin.py | 9 | ||||
| -rw-r--r-- | tests/admin_views/tests.py | 15 | ||||
| -rw-r--r-- | tests/admin_views/urls.py | 1 |
3 files changed, 25 insertions, 0 deletions
diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py index ad29e6ea14..8565d04a05 100644 --- a/tests/admin_views/admin.py +++ b/tests/admin_views/admin.py @@ -1126,3 +1126,12 @@ class ArticleAdmin9(admin.ModelAdmin): site9 = admin.AdminSite(name='admin9') site9.register(Article, ArticleAdmin9) + + +class ArticleAdmin10(admin.ModelAdmin): + def has_change_permission(self, request, obj=None): + return False + + +site10 = admin.AdminSite(name='admin10') +site10.register(Article, ArticleAdmin10) diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 83f94a3d2c..297d625376 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -1865,6 +1865,21 @@ class AdminViewPermissionsTest(TestCase): self.assertEqual(response.context['title'], 'View article') self.assertContains(response, '<a href="/test_admin/admin9/admin_views/article/" class="closelink">Close</a>') + def test_change_view_post_without_object_change_permission(self): + """A POST redirectS to changelist without modifications.""" + change_dict = { + 'title': 'Ikke fordømt', + 'content': '<p>edited article</p>', + 'date_0': '2008-03-18', 'date_1': '10:54:39', + 'section': self.s1.pk, + } + change_url = reverse('admin10:admin_views_article_change', args=(self.a1.pk,)) + changelist_url = reverse('admin10:admin_views_article_changelist') + self.client.force_login(self.viewuser) + response = self.client.post(change_url, change_dict) + self.assertRedirects(response, changelist_url) + self.assertEqual(Article.objects.get(pk=self.a1.pk).content, '<p>Middle content</p>') + def test_change_view_save_as_new(self): """ 'Save as new' should raise PermissionDenied for users without the 'add' diff --git a/tests/admin_views/urls.py b/tests/admin_views/urls.py index d02875cf56..545df313e4 100644 --- a/tests/admin_views/urls.py +++ b/tests/admin_views/urls.py @@ -17,6 +17,7 @@ urlpatterns = [ # All admin views accept `extra_context` to allow adding it like this: url(r'^test_admin/admin8/', (admin.site.get_urls(), 'admin', 'admin-extra-context'), {'extra_context': {}}), url(r'^test_admin/admin9/', admin.site9.urls), + url(r'^test_admin/admin10/', admin.site10.urls), url(r'^test_admin/has_permission_admin/', custom_has_permission_admin.site.urls), url(r'^test_admin/autocomplete_admin/', autocomplete_site.urls), ] |