Ticket #11191: 11191.4.diff
File 11191.4.diff, 3.8 KB (added by , 15 years ago) |
---|
-
django/contrib/admin/options.py
6 6 from django.contrib.admin import widgets 7 7 from django.contrib.admin import helpers 8 8 from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict 9 from django.core.exceptions import PermissionDenied 9 from django.core.exceptions import PermissionDenied, ValidationError 10 10 from django.db import models, transaction 11 11 from django.db.models.fields import BLANK_CHOICE_DASH 12 12 from django.http import Http404, HttpResponse, HttpResponseRedirect … … 347 347 defaults.update(kwargs) 348 348 return modelform_factory(self.model, **defaults) 349 349 350 def get_object(self, request, object_id): 351 """ 352 Returns an instance matching the primary key provided. ``None`` is 353 returned if no match is found (or the object_id failed validation 354 against the primary key field). 355 """ 356 queryset = self.queryset(request) 357 model = queryset.model 358 try: 359 object_id = model._meta.pk.to_python(object_id) 360 return queryset.get(pk=object_id) 361 except (model.DoesNotExist, ValidationError): 362 return None 363 350 364 def get_changelist_form(self, request, **kwargs): 351 365 """ 352 366 Returns a Form class for use in the Formset on the changelist page. … … 788 802 model = self.model 789 803 opts = model._meta 790 804 791 try: 792 obj = self.queryset(request).get(pk=unquote(object_id)) 793 except model.DoesNotExist: 794 # Don't raise Http404 just yet, because we haven't checked 795 # permissions yet. We don't want an unauthenticated user to be able 796 # to determine whether a given object exists. 
797 obj = None 805 obj = self.get_object(request, unquote(object_id)) 798 806 799 807 if not self.has_change_permission(request, obj): 800 808 raise PermissionDenied … … 988 996 opts = self.model._meta 989 997 app_label = opts.app_label 990 998 991 try: 992 obj = self.queryset(request).get(pk=unquote(object_id)) 993 except self.model.DoesNotExist: 994 # Don't raise Http404 just yet, because we haven't checked 995 # permissions yet. We don't want an unauthenticated user to be able 996 # to determine whether a given object exists. 997 obj = None 999 obj = self.get_object(request, unquote(object_id)) 998 1000 999 1001 if not self.has_delete_permission(request, obj): 1000 1002 raise PermissionDenied -
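Review bot: The comment explaining why a missing object must not raise Http404 before the permission check is deleted from both change_view and delete_view, and the new get_object docstring does not carry that rationale forward. get_object now returns None both for a row that does not exist and for a primary key that fails validation, so callers depend on that ordering to avoid telling an unauthenticated user whether an object exists. I would add a docstring sentence such as `Callers must check permissions before turning a None result into Http404, so that object existence is not revealed to users without access.` Only ValidationError from `to_python` is caught, so a custom primary-key field that raises something else on bad input (an assumption, none is visible here) would still surface as a server error. Both view bodies continue outside their hunks.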
tests/regressiontests/admin_views/tests.py
63 63 64 64 def testBasicEditGet(self): 65 65 """ 66 A smoke test to ensure GET on the change_view works.66 A smoke test to ensure GET on the change_view works. 67 67 """ 68 68 response = self.client.get('/test_admin/%s/admin_views/section/1/' % self.urlbit) 69 69 self.failUnlessEqual(response.status_code, 200) 70 70 71 def testBasicEditGetStringPK(self): 72 """ 73 A smoke test to ensure GET on the change_view works (returns an HTTP 74 404 error, see #11191) when passing a string as the PK argument for a 75 model with an integer PK field. 76 """ 77 response = self.client.get('/test_admin/%s/admin_views/section/abc/' % self.urlbit) 78 self.failUnlessEqual(response.status_code, 404) 79 71 80 def testBasicAddPost(self): 72 81 """ 73 82 A smoke test to ensure POST on add_view works.
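Review bot: testBasicEditGetStringPK covers only change_view, while delete_view received the same get_object change in options.py and has no matching test in this section. A sibling test that requests the delete page with a non-integer PK would pin that path, e.g. `response = self.client.get('/test_admin/%s/admin_views/section/abc/delete/' % self.urlbit)` followed by `self.failUnlessEqual(response.status_code, 404)`; the delete URL shape is assumed from the admin's usual layout. A case using a user without change permission would also confirm that a malformed PK yields the permission-denied response rather than a 404, which is the property the comments removed from options.py described.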