Ticket #11513: 11513_adming_change_view_redirect.diff

File 11513_adming_change_view_redirect.diff, 5.7 KB (added by Julien Phalip, 14 years ago)
  • django/contrib/admin/options.py

    diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
    index f7b979b..42c1516 100644
    a b class ModelAdmin(BaseModelAdmin):  
    766766            return HttpResponseRedirect("../add/")
    767767        else:
    768768            self.message_user(request, msg)
    769             return HttpResponseRedirect("../")
     769            # Figure out where to redirect. If the user has change permission,
     770            # redirect to the change-list page for this object. Otherwise,
     771            # redirect to the admin index.
     772            if self.has_change_permission(request, None):
     773                return HttpResponseRedirect('../')
     774            else:
     775                return HttpResponseRedirect('../../../')
    770776
    771777    def response_action(self, request, queryset):
    772778        """
  • tests/regressiontests/admin_views/models.py

    diff --git a/tests/regressiontests/admin_views/models.py b/tests/regressiontests/admin_views/models.py
    index 60319ea..6ed76ea 100644
    a b class ArticleAdmin(admin.ModelAdmin):  
    133133        ).send()
    134134        return super(ArticleAdmin, self).save_model(request, obj, form, change)
    135135
     136class RowLevelChangePermissionModel(models.Model):
     137    name = models.CharField(max_length=100, blank=True)
     138   
     139class RowLevelChangePermissionModelAdmin(admin.ModelAdmin):
     140    def has_change_permission(self, request, obj=None):
     141        """ Only allow changing objects with even id number """
     142        return request.user.is_staff and (obj is not None) and (obj.id % 2 == 0)
    136143
    137144class CustomArticle(models.Model):
    138145    content = models.TextField()
    admin.site.register(CyclicOne)  
    706713admin.site.register(CyclicTwo)
    707714admin.site.register(WorkHour, WorkHourAdmin)
    708715admin.site.register(Reservation)
     716admin.site.register(RowLevelChangePermissionModel, RowLevelChangePermissionModelAdmin)
    709717
    710718# We intentionally register Promo and ChapterXtra1 but not Chapter nor ChapterXtra2.
    711719# That way we cover all four cases:
  • tests/regressiontests/admin_views/tests.py

    diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py
    index acbbbfc..ab23356 100644
    a b from models import (Article, BarAccount, CustomArticle, EmptyModel,  
    3535    Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast,
    3636    Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit,
    3737    Category, Post, Plot, FunkyTag, Chapter, Book, Promo, WorkHour, Employee,
    38     Question, Answer, Inquisition, Actor)
     38    Question, Answer, Inquisition, Actor, RowLevelChangePermissionModel)
    3939
    4040
    4141class AdminViewBasicTest(TestCase):
    class AdminViewPermissionsTest(TestCase):  
    792792                        'Plural error message not found in response to post with multiple errors.')
    793793        self.client.get('/test_admin/admin/logout/')
    794794
     795        # Test redirection when using row-level change permissions. Refs #11513.
     796        RowLevelChangePermissionModel.objects.create(name="odd id")
     797        RowLevelChangePermissionModel.objects.create(name="even id")
     798        for login_dict in [self.super_login, self.changeuser_login, self.adduser_login, self.deleteuser_login]:
     799            self.client.post('/test_admin/admin/', login_dict)
     800            request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/')
     801            self.assertEqual(request.status_code, 403)
     802            request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/', {'name': 'changed'})
     803            self.assertEquals(RowLevelChangePermissionModel.objects.get(id=1).name, 'odd id')
     804            self.assertEqual(request.status_code, 403)
     805            request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/')
     806            self.assertEqual(request.status_code, 200)
     807            request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/', {'name': 'changed'})
     808            self.assertEquals(RowLevelChangePermissionModel.objects.get(id=2).name, 'changed')
     809            self.assertRedirects(request, '/test_admin/admin/')
     810            self.client.get('/test_admin/admin/logout/')
     811        for login_dict in [self.joepublic_login, self.no_username_login]:
     812            self.client.post('/test_admin/admin/', login_dict)
     813            request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/')
     814            self.assertEqual(request.status_code, 200)
     815            self.assertContains(request, 'login-form')
     816            request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/', {'name': 'changed'})
     817            self.assertEquals(RowLevelChangePermissionModel.objects.get(id=1).name, 'odd id')
     818            self.assertEqual(request.status_code, 200)
     819            self.assertContains(request, 'login-form')
     820            request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/')
     821            self.assertEqual(request.status_code, 200)
     822            self.assertContains(request, 'login-form')
     823            request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/', {'name': 'changed again'})
     824            self.assertEquals(RowLevelChangePermissionModel.objects.get(id=2).name, 'changed')
     825            self.assertEqual(request.status_code, 200)
     826            self.assertContains(request, 'login-form')
     827            self.client.get('/test_admin/admin/logout/')
     828       
    795829    def testConditionallyShowAddSectionLink(self):
    796830        """
    797831        The foreign key widget should only show the "add related" button if the
Back to Top