A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6 below:

[1.4.x] Checked object permissions on admin history view. · django/django@0e7861a · GitHub

@@ -1064,6 +1064,46 @@ def testChangeView(self):

 1064 1064

self.assertContains(request, 'login-form')

 1065 1065

self.client.get('/test_admin/admin/logout/')

 1066 1066 1067 +

def testHistoryView(self):

 1068 +

"""History view should restrict access."""

 1069 + 1070 +

# add user shoud not be able to view the list of article or change any of them

 1071 +

self.client.get('/test_admin/admin/')

 1072 +

self.client.post('/test_admin/admin/', self.adduser_login)

 1073 +

response = self.client.get('/test_admin/admin/admin_views/article/1/history/')

 1074 +

self.assertEqual(response.status_code, 403)

 1075 +

self.client.get('/test_admin/admin/logout/')

 1076 + 1077 +

# change user can view all items and edit them

 1078 +

self.client.get('/test_admin/admin/')

 1079 +

self.client.post('/test_admin/admin/', self.changeuser_login)

 1080 +

response = self.client.get('/test_admin/admin/admin_views/article/1/history/')

 1081 +

self.assertEqual(response.status_code, 200)

 1082 + 1083 +

# Test redirection when using row-level change permissions. Refs #11513.

 1084 +

RowLevelChangePermissionModel.objects.create(id=1, name="odd id")

 1085 +

RowLevelChangePermissionModel.objects.create(id=2, name="even id")

 1086 +

for login_dict in [self.super_login, self.changeuser_login, self.adduser_login, self.deleteuser_login]:

 1087 +

self.client.post('/test_admin/admin/', login_dict)

 1088 +

response = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/history/')

 1089 +

self.assertEqual(response.status_code, 403)

 1090 + 1091 +

response = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/history/')

 1092 +

self.assertEqual(response.status_code, 200)

 1093 + 1094 +

self.client.get('/test_admin/admin/logout/')

 1095 + 1096 +

for login_dict in [self.joepublic_login, self.no_username_login]:

 1097 +

self.client.post('/test_admin/admin/', login_dict)

 1098 +

response = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/history/')

 1099 +

self.assertEqual(response.status_code, 200)

 1100 +

self.assertContains(response, 'login-form')

 1101 +

response = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/history/')

 1102 +

self.assertEqual(response.status_code, 200)

 1103 +

self.assertContains(response, 'login-form')

 1104 + 1105 +

self.client.get('/test_admin/admin/logout/')

 1106 + 1067 1107

def testConditionallyShowAddSectionLink(self):

 1068 1108

"""

 1069 1109

The foreign key widget should only show the "add related" button if the

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4