Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin.

Thank you to Shen Ying for reporting this issue.
author: Carlton Gibson <carlton.gibson@noumenal.es> 2019-11-25 15:23:52 +0100
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2019-12-02 08:57:44 +0100
commit: 092cd66cf3c3e175acce698d6ca2012068d878fa (patch)
tree: 7632a9bd92e8bdc07a6e2e082a895d6c7101e965 /tests/auth_tests/test_views.py
parent: db0cc4ae96c4752d10d98a3c7f2c48f813bf8a7f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 42acafd26d..ac39a79689 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -1262,7 +1262,7 @@ class ChangelistTests(AuthViewsTestCase):
         data['password'] = 'shouldnotchange'
         change_url = reverse('auth_test_admin:auth_user_change', args=(u.pk,))
         response = self.client.post(change_url, data)
-        self.assertRedirects(response, reverse('auth_test_admin:auth_user_changelist'))
+        self.assertEqual(response.status_code, 403)
         u.refresh_from_db()
         self.assertEqual(u.password, original_password)
author	Carlton Gibson <carlton.gibson@noumenal.es>	2019-11-25 15:23:52 +0100
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2019-12-02 08:57:44 +0100
commit	092cd66cf3c3e175acce698d6ca2012068d878fa (patch)
tree	7632a9bd92e8bdc07a6e2e082a895d6c7101e965 /tests/auth_tests/test_views.py
parent	db0cc4ae96c4752d10d98a3c7f2c48f813bf8a7f (diff)