Fixed #25622 -- Accounted for generic relations in the admin to field validation

Thanks to Jonathan Liuti for the report and Tim Graham for the review.
author: Simon Charette <charette.s@gmail.com> 2015-10-28 11:25:25 -0400
committer: Simon Charette <charette.s@gmail.com> 2015-10-29 13:13:19 -0400
commit: 9dcfecb7c6c8285630ad271888a9ec4ba9140e3a (patch)
tree: 5a07456f15ff503d1751130f9046721edf3cd479 /tests/admin_views
parent: 96fe90f5356971e0e51a0bc41e045dde600d7521 (diff)
3 files changed, 34 insertions, 12 deletions
diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py
index ca114680d0..2f4cc88d12 100644
--- a/tests/admin_views/admin.py
+++ b/tests/admin_views/admin.py
@@ -31,18 +31,19 @@ from .models import (
     EmptyModelHidden, EmptyModelMixin, EmptyModelVisible, ExplicitlyProvidedPK,
     ExternalSubscriber, Fabric, FancyDoodad, FieldOverridePost,
     FilteredManager, FooAccount, FoodDelivery, FunkyTag, Gadget, Gallery,
-    Grommet, ImplicitlyGeneratedPK, Ingredient, InlineReference, InlineReferer,
-    Inquisition, Language, Link, MainPrepopulated, ModelWithStringPrimaryKey,
-    NotReferenced, OldSubscriber, OtherStory, Paper, Parent,
-    ParentWithDependentChildren, Person, Persona, Picture, Pizza, Plot,
-    PlotDetails, PluggableSearchPerson, Podcast, Post, PrePopulatedPost,
-    PrePopulatedPostLargeSlug, PrePopulatedSubPost, Promo, Question, Recipe,
-    Recommendation, Recommender, ReferencedByInline, ReferencedByParent,
-    RelatedPrepopulated, Report, Reservation, Restaurant,
-    RowLevelChangePermissionModel, Section, ShortMessage, Simple, Sketch,
-    State, Story, StumpJoke, Subscriber, SuperVillain, Telegram, Thing,
-    Topping, UnchangeableObject, UndeletableObject, UnorderedObject,
-    UserMessenger, Villain, Vodcast, Whatsit, Widget, Worker, WorkHour,
+    GenRelReference, Grommet, ImplicitlyGeneratedPK, Ingredient,
+    InlineReference, InlineReferer, Inquisition, Language, Link,
+    MainPrepopulated, ModelWithStringPrimaryKey, NotReferenced, OldSubscriber,
+    OtherStory, Paper, Parent, ParentWithDependentChildren, Person, Persona,
+    Picture, Pizza, Plot, PlotDetails, PluggableSearchPerson, Podcast, Post,
+    PrePopulatedPost, PrePopulatedPostLargeSlug, PrePopulatedSubPost, Promo,
+    Question, Recipe, Recommendation, Recommender, ReferencedByGenRel,
+    ReferencedByInline, ReferencedByParent, RelatedPrepopulated, Report,
+    Reservation, Restaurant, RowLevelChangePermissionModel, Section,
+    ShortMessage, Simple, Sketch, State, Story, StumpJoke, Subscriber,
+    SuperVillain, Telegram, Thing, Topping, UnchangeableObject,
+    UndeletableObject, UnorderedObject, UserMessenger, Villain, Vodcast,
+    Whatsit, Widget, Worker, WorkHour,
 )
 
 
@@ -944,6 +945,8 @@ site.register(ReferencedByParent)
 site.register(ChildOfReferer)
 site.register(ReferencedByInline)
 site.register(InlineReferer, InlineRefererAdmin)
+site.register(ReferencedByGenRel)
+site.register(GenRelReference)
 
 # We intentionally register Promo and ChapterXtra1 but not Chapter nor ChapterXtra2.
 # That way we cover all four cases:
diff --git a/tests/admin_views/models.py b/tests/admin_views/models.py
index 1199da3973..3ecaf57b6d 100644
--- a/tests/admin_views/models.py
+++ b/tests/admin_views/models.py
@@ -938,3 +938,14 @@ class ExplicitlyProvidedPK(models.Model):
 
 class ImplicitlyGeneratedPK(models.Model):
     name = models.IntegerField(unique=True)
+
+
+# Models for #25622
+class ReferencedByGenRel(models.Model):
+    content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE)
+    object_id = models.PositiveIntegerField()
+    content_object = GenericForeignKey('content_type', 'object_id')
+
+
+class GenRelReference(models.Model):
+    references = GenericRelation(ReferencedByGenRel)
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 501edcad57..b6db228809 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -725,6 +725,14 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
         response = self.client.get(reverse('admin:admin_views_referencedbyinline_changelist'), {TO_FIELD_VAR: 'name'})
         self.assertEqual(response.status_code, 200)
 
+        # #25622 - Specifying a field of a model only referred by a generic
+        # relation should raise DisallowedModelAdminToField.
+        url = reverse('admin:admin_views_referencedbygenrel_changelist')
+        with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls:
+            response = self.client.get(url, {TO_FIELD_VAR: 'object_id'})
+            self.assertEqual(response.status_code, 400)
+            self.assertEqual(len(calls), 1)
+
         # We also want to prevent the add, change, and delete views from
         # leaking a disallowed field value.
         with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls:
author	Simon Charette <charette.s@gmail.com>	2015-10-28 11:25:25 -0400
committer	Simon Charette <charette.s@gmail.com>	2015-10-29 13:13:19 -0400
commit	9dcfecb7c6c8285630ad271888a9ec4ba9140e3a (patch)
tree	5a07456f15ff503d1751130f9046721edf3cd479 /tests/admin_views
parent	96fe90f5356971e0e51a0bc41e045dde600d7521 (diff)