Author: ramiro
Date: 2011-01-12 17:25:33 -0600 (Wed, 12 Jan 2011)
New Revision: 15177
Modified:
django/branches/releases/1.2.X/django/contrib/admin/options.py
django/branches/releases/1.2.X/tests/regressiontests/admin_views/models.py
django/branches/releases/1.2.X/tests/regressiontests/admin_views/tests.py
Log:
[1.2.X] Fixed #15032 -- Replaced 1.2.X implementation of admin changelist
filtering security fix (r15031/r15033) with the one from trunk so another valid
filter usage scenario (using model inheritance) is still possible. Thanks rene
for reporting this.
Modified: django/branches/releases/1.2.X/django/contrib/admin/options.py
===================================================================
--- django/branches/releases/1.2.X/django/contrib/admin/options.py
2011-01-12 20:45:01 UTC (rev 15176)
+++ django/branches/releases/1.2.X/django/contrib/admin/options.py
2011-01-12 23:25:33 UTC (rev 15177)
@@ -195,8 +195,21 @@
# Special case -- foo__id__exact and foo__id queries are implied
# if foo has been specificially included in the lookup list; so
- # drop __id if it is the last part.
- if len(parts) > 1 and parts[-1] == self.model._meta.pk.name:
+ # drop __id if it is the last part. However, first we need to find
+ # the pk attribute name.
+ model = self.model
+ pk_attr_name = None
+ for part in parts[:-1]:
+ field, _, _, _ = model._meta.get_field_by_name(part)
+ if hasattr(field, 'rel'):
+ model = field.rel.to
+ pk_attr_name = model._meta.pk.name
+ elif isinstance(field, RelatedObject):
+ model = field.model
+ pk_attr_name = model._meta.pk.name
+ else:
+ pk_attr_name = None
+ if pk_attr_name and len(parts) > 1 and parts[-1] == pk_attr_name:
parts.pop()
try:
Modified:
django/branches/releases/1.2.X/tests/regressiontests/admin_views/models.py
===================================================================
--- django/branches/releases/1.2.X/tests/regressiontests/admin_views/models.py
2011-01-12 20:45:01 UTC (rev 15176)
+++ django/branches/releases/1.2.X/tests/regressiontests/admin_views/models.py
2011-01-12 23:25:33 UTC (rev 15177)
@@ -588,6 +588,17 @@
class AlbumAdmin(admin.ModelAdmin):
list_filter = ['title']
+class Employee(Person):
+ code = models.CharField(max_length=20)
+
+class WorkHour(models.Model):
+ datum = models.DateField()
+ employee = models.ForeignKey(Employee)
+
+class WorkHourAdmin(admin.ModelAdmin):
+ list_display = ('datum', 'employee')
+ list_filter = ('employee',)
+
admin.site.register(Article, ArticleAdmin)
admin.site.register(CustomArticle, CustomArticleAdmin)
admin.site.register(Section, save_as=True, inlines=[ArticleInline])
@@ -619,6 +630,7 @@
admin.site.register(PlotDetails)
admin.site.register(CyclicOne)
admin.site.register(CyclicTwo)
+admin.site.register(WorkHour, WorkHourAdmin)
# We intentionally register Promo and ChapterXtra1 but not Chapter nor
ChapterXtra2.
# That way we cover all four cases:
Modified:
django/branches/releases/1.2.X/tests/regressiontests/admin_views/tests.py
===================================================================
--- django/branches/releases/1.2.X/tests/regressiontests/admin_views/tests.py
2011-01-12 20:45:01 UTC (rev 15176)
+++ django/branches/releases/1.2.X/tests/regressiontests/admin_views/tests.py
2011-01-12 23:25:33 UTC (rev 15177)
@@ -28,7 +28,7 @@
FooAccount, Gallery, ModelWithStringPrimaryKey, \
Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast, \
Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit, \
- Category, Post, Plot, FunkyTag
+ Category, Post, Plot, FunkyTag, WorkHour, Employee
class AdminViewBasicTest(TestCase):
@@ -311,6 +311,16 @@
except SuspiciousOperation:
self.fail("Filters should be allowed if they involve a local field
without the need to whitelist them in list_filter or date_hierarchy.")
+ e1 = Employee.objects.create(name='Anonymous', gender=1, age=22,
alive=True, code='123')
+ e2 = Employee.objects.create(name='Visitor', gender=2, age=19,
alive=True, code='124')
+ WorkHour.objects.create(datum=datetime.datetime.now(), employee=e1)
+ WorkHour.objects.create(datum=datetime.datetime.now(), employee=e2)
+ response = self.client.get("/test_admin/admin/admin_views/workhour/")
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, 'employee__person_ptr__exact')
+ response =
self.client.get("/test_admin/admin/admin_views/workhour/?employee__person_ptr__exact=%d"
% e1.pk)
+ self.assertEqual(response.status_code, 200)
+
class SaveAsTests(TestCase):
fixtures = ['admin-views-users.xml','admin-views-person.xml']
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
