Author: ramiro
Date: 2011-01-12 17:30:47 -0600 (Wed, 12 Jan 2011)
New Revision: 15178
Modified:
django/trunk/tests/regressiontests/admin_views/models.py
django/trunk/tests/regressiontests/admin_views/tests.py
Log:
Added tests demonstrating that filtering lookup expression that involve model
with inheritance schemes aren't incorrectly blacklisted by the r15031 security
fix. Refs. #15032.
Modified: django/trunk/tests/regressiontests/admin_views/models.py
===================================================================
--- django/trunk/tests/regressiontests/admin_views/models.py 2011-01-12
23:25:33 UTC (rev 15177)
+++ django/trunk/tests/regressiontests/admin_views/models.py 2011-01-12
23:30:47 UTC (rev 15178)
@@ -615,6 +615,17 @@
class AlbumAdmin(admin.ModelAdmin):
list_filter = ['title']
+class Employee(Person):
+ code = models.CharField(max_length=20)
+
+class WorkHour(models.Model):
+ datum = models.DateField()
+ employee = models.ForeignKey(Employee)
+
+class WorkHourAdmin(admin.ModelAdmin):
+ list_display = ('datum', 'employee')
+ list_filter = ('employee',)
+
admin.site.register(Article, ArticleAdmin)
admin.site.register(CustomArticle, CustomArticleAdmin)
admin.site.register(Section, save_as=True, inlines=[ArticleInline])
@@ -646,6 +657,7 @@
admin.site.register(PlotDetails)
admin.site.register(CyclicOne)
admin.site.register(CyclicTwo)
+admin.site.register(WorkHour, WorkHourAdmin)
# We intentionally register Promo and ChapterXtra1 but not Chapter nor
ChapterXtra2.
# That way we cover all four cases:
Modified: django/trunk/tests/regressiontests/admin_views/tests.py
===================================================================
--- django/trunk/tests/regressiontests/admin_views/tests.py 2011-01-12
23:25:33 UTC (rev 15177)
+++ django/trunk/tests/regressiontests/admin_views/tests.py 2011-01-12
23:30:47 UTC (rev 15178)
@@ -33,7 +33,7 @@
FooAccount, Gallery, ModelWithStringPrimaryKey, \
Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast, \
Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit, \
- Category, Post, Plot, FunkyTag, Chapter, Book, Promo
+ Category, Post, Plot, FunkyTag, Chapter, Book, Promo, WorkHour, Employee
class AdminViewBasicTest(TestCase):
@@ -382,6 +382,16 @@
except SuspiciousOperation:
self.fail("Filters should be allowed if they involve a local field
without the need to whitelist them in list_filter or date_hierarchy.")
+ e1 = Employee.objects.create(name='Anonymous', gender=1, age=22,
alive=True, code='123')
+ e2 = Employee.objects.create(name='Visitor', gender=2, age=19,
alive=True, code='124')
+ WorkHour.objects.create(datum=datetime.datetime.now(), employee=e1)
+ WorkHour.objects.create(datum=datetime.datetime.now(), employee=e2)
+ response = self.client.get("/test_admin/admin/admin_views/workhour/")
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, 'employee__person_ptr__exact')
+ response =
self.client.get("/test_admin/admin/admin_views/workhour/?employee__person_ptr__exact=%d"
% e1.pk)
+ self.assertEqual(response.status_code, 200)
+
class SaveAsTests(TestCase):
fixtures = ['admin-views-users.xml','admin-views-person.xml']
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
