Ticket #11416: 11416-admin-caching.2.diff

django/contrib/admin/sites.py

@@ -182 +182 @@
             if not self.has_permission(request):
                 return self.login(request)
             return view(request, *args, **kwargs)
-        return update_wrapper(inner, view)
+        return never_cache(update_wrapper(inner, view))
 
     def get_urls(self):
         from django.conf.urls.defaults import patterns, url, include

tests/regressiontests/admin_views/tests.py

@@ -54 +54 @@
         response = self.client.get('/test_admin/%s/admin_views/section/add/' % self.urlbit)
         self.failUnlessEqual(response.status_code, 200)
 
+    def testMaxAgeModelAdminView(self):
+        """
+        Because cache time can be set by middleware, ensure max-age is explicity 0
+        (non-model-specific view)
+        """
+        response = self.client.get('/test_admin/%s/admin_views/' % self.urlbit)
+
+        from django.utils.cache import get_max_age
+        self.failUnlessEqual(get_max_age(response), 0)
+
+    def testMaxAgeModelView(self):
+        """
+        Because cache time can be set by middleware, ensure max-age is explicity 0
+        (model-specific view)
+        """
+        response = self.client.get('/test_admin/%s/admin_views/section/add/' % self.urlbit)
+
+        from django.utils.cache import get_max_age
+        self.failUnlessEqual(get_max_age(response), 0)
+
     def testAddWithGETArgs(self):
         response = self.client.get('/test_admin/%s/admin_views/section/add/' % self.urlbit, {'name': 'My Section'})
         self.failUnlessEqual(response.status_code, 200)

docs/ref/contrib/admin/index.txt

@@ -757 +757 @@
 
 .. note::
 
-    Notice that the custom patterns are included *before* the regular admin
+    Note how we included our custom patterns *before* the regular admin
     URLs: the admin URL patterns are very permissive and will match nearly
     anything, so you'll usually want to prepend your custom URLs to the built-in
     ones.
 
-Note, however, that the ``self.my_view`` function registered above will *not*
-have any permission check done; it'll be accessible to the general public. Since
-this is usually not what you want, Django provides a convience wrapper to check
-permissions. This wrapper is :meth:`AdminSite.admin_view` (i.e.
-``self.admin_site.admin_view`` inside a ``ModelAdmin`` instance); use it like
-so::
+However, the ``self.my_view`` function registered above suffers from two
+problems:
 
+  * It will *not* have any permission check done; it'll be accessible to the
+    general public.
+  * It is not being marked as a non-cacheable and so, if it gets data from the
+    database, it could show outdated information because of content caching being
+    applied when the caching middleware is active.
+
+Since this is usually not what you want, Django provides a convenience wrapper
+to check permissions and mark the view as non-cacheable. This wrapper is
+:meth:`AdminSite.admin_view` (i.e.  ``self.admin_site.admin_view`` inside a
+``ModelAdmin`` instance); use it like so::
+
     class MyModelAdmin(admin.ModelAdmin):
         def get_urls(self):
             urls = super(MyModelAdmin, self).get_urls()
@@ -781 +788 @@
 
     (r'^my_view/$', self.admin_site.admin_view(self.my_view))
 
-This wrapping will protect ``self.my_view`` from unauthorized access.
+This wrapping will protect ``self.my_view`` from unauthorized access and will
+apply the ``django.views.decorators.cache.never_cache`` decorator to make sure
+it is not cached if the cache middleware is active.
 
 .. method:: ModelAdmin.formfield_for_foreignkey(self, db_field, request, **kwargs)