diff options
| author | Simon Charette <charette.s@gmail.com> | 2015-10-28 11:25:25 -0400 |
|---|---|---|
| committer | Simon Charette <charette.s@gmail.com> | 2015-10-29 13:15:40 -0400 |
| commit | 6eaf43a24471f98939da18d031b4f0b4e49640c6 (patch) | |
| tree | 5e76b8edea671b999710e2f6d362d5fd9516b12a /tests/admin_views | |
| parent | 6bb9f51ab8e3cc56b05238ea012763ba775ab896 (diff) | |
[1.9.x] Fixed #25622 -- Accounted for generic relations in the admin to field validation
Thanks to Jonathan Liuti for the report and Tim Graham for the review.
Backport of 9dcfecb7c6c8285630ad271888a9ec4ba9140e3a from master
Diffstat (limited to 'tests/admin_views')
| -rw-r--r-- | tests/admin_views/admin.py | 27 | ||||
| -rw-r--r-- | tests/admin_views/models.py | 11 | ||||
| -rw-r--r-- | tests/admin_views/tests.py | 8 |
3 files changed, 34 insertions, 12 deletions
diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py index ca114680d0..2f4cc88d12 100644 --- a/tests/admin_views/admin.py +++ b/tests/admin_views/admin.py @@ -31,18 +31,19 @@ from .models import ( EmptyModelHidden, EmptyModelMixin, EmptyModelVisible, ExplicitlyProvidedPK, ExternalSubscriber, Fabric, FancyDoodad, FieldOverridePost, FilteredManager, FooAccount, FoodDelivery, FunkyTag, Gadget, Gallery, - Grommet, ImplicitlyGeneratedPK, Ingredient, InlineReference, InlineReferer, - Inquisition, Language, Link, MainPrepopulated, ModelWithStringPrimaryKey, - NotReferenced, OldSubscriber, OtherStory, Paper, Parent, - ParentWithDependentChildren, Person, Persona, Picture, Pizza, Plot, - PlotDetails, PluggableSearchPerson, Podcast, Post, PrePopulatedPost, - PrePopulatedPostLargeSlug, PrePopulatedSubPost, Promo, Question, Recipe, - Recommendation, Recommender, ReferencedByInline, ReferencedByParent, - RelatedPrepopulated, Report, Reservation, Restaurant, - RowLevelChangePermissionModel, Section, ShortMessage, Simple, Sketch, - State, Story, StumpJoke, Subscriber, SuperVillain, Telegram, Thing, - Topping, UnchangeableObject, UndeletableObject, UnorderedObject, - UserMessenger, Villain, Vodcast, Whatsit, Widget, Worker, WorkHour, + GenRelReference, Grommet, ImplicitlyGeneratedPK, Ingredient, + InlineReference, InlineReferer, Inquisition, Language, Link, + MainPrepopulated, ModelWithStringPrimaryKey, NotReferenced, OldSubscriber, + OtherStory, Paper, Parent, ParentWithDependentChildren, Person, Persona, + Picture, Pizza, Plot, PlotDetails, PluggableSearchPerson, Podcast, Post, + PrePopulatedPost, PrePopulatedPostLargeSlug, PrePopulatedSubPost, Promo, + Question, Recipe, Recommendation, Recommender, ReferencedByGenRel, + ReferencedByInline, ReferencedByParent, RelatedPrepopulated, Report, + Reservation, Restaurant, RowLevelChangePermissionModel, Section, + ShortMessage, Simple, Sketch, State, Story, StumpJoke, Subscriber, + SuperVillain, Telegram, Thing, Topping, UnchangeableObject, + UndeletableObject, UnorderedObject, UserMessenger, Villain, Vodcast, + Whatsit, Widget, Worker, WorkHour, ) @@ -944,6 +945,8 @@ site.register(ReferencedByParent) site.register(ChildOfReferer) site.register(ReferencedByInline) site.register(InlineReferer, InlineRefererAdmin) +site.register(ReferencedByGenRel) +site.register(GenRelReference) # We intentionally register Promo and ChapterXtra1 but not Chapter nor ChapterXtra2. # That way we cover all four cases: diff --git a/tests/admin_views/models.py b/tests/admin_views/models.py index 1199da3973..3ecaf57b6d 100644 --- a/tests/admin_views/models.py +++ b/tests/admin_views/models.py @@ -938,3 +938,14 @@ class ExplicitlyProvidedPK(models.Model): class ImplicitlyGeneratedPK(models.Model): name = models.IntegerField(unique=True) + + +# Models for #25622 +class ReferencedByGenRel(models.Model): + content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE) + object_id = models.PositiveIntegerField() + content_object = GenericForeignKey('content_type', 'object_id') + + +class GenRelReference(models.Model): + references = GenericRelation(ReferencedByGenRel) diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index ab8c68c666..cab70c6c23 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -725,6 +725,14 @@ class AdminViewBasicTest(AdminViewBasicTestCase): response = self.client.get(reverse('admin:admin_views_referencedbyinline_changelist'), {TO_FIELD_VAR: 'name'}) self.assertEqual(response.status_code, 200) + # #25622 - Specifying a field of a model only referred by a generic + # relation should raise DisallowedModelAdminToField. + url = reverse('admin:admin_views_referencedbygenrel_changelist') + with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: + response = self.client.get(url, {TO_FIELD_VAR: 'object_id'}) + self.assertEqual(response.status_code, 400) + self.assertEqual(len(calls), 1) + # We also want to prevent the add, change, and delete views from # leaking a disallowed field value. with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls: |