
Showing content from https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244 below:

Fixed CVE-2019-19118 -- Required edit permissions on parent model for… · django/django@103ebe2 · GitHub

@@ -1778,8 +1778,7 @@ def test_change_view(self):

1778 1778

self.assertEqual(post.status_code, 403)

1779 1779

self.client.get(reverse('admin:logout'))

1780 1780 1781 -

# view user should be able to view the article but not change any of them

1782 -

# (the POST can be sent, but no modification occurs)

1781 +

# view user can view articles but not make changes.

1783 1782

self.client.force_login(self.viewuser)

1784 1783

response = self.client.get(article_changelist_url)

1785 1784

self.assertEqual(response.status_code, 200)

@@ -1790,7 +1789,7 @@ def test_change_view(self):

1790 1789

self.assertContains(response, '<label>Extra form field:</label>')

1791 1790

self.assertContains(response, '<a href="/test_admin/admin/admin_views/article/" class="closelink">Close</a>')

1792 1791

post = self.client.post(article_change_url, change_dict)

1793 -

self.assertEqual(post.status_code, 302)

1792 +

self.assertEqual(post.status_code, 403)

1794 1793

self.assertEqual(Article.objects.get(pk=self.a1.pk).content, '<p>Middle content</p>')

1795 1794

self.client.get(reverse('admin:logout'))

1796 1795

@@ -1847,8 +1846,7 @@ def test_change_view(self):

1847 1846

response = self.client.get(change_url_3)

1848 1847

self.assertEqual(response.status_code, 200)

1849 1848

response = self.client.post(change_url_3, {'name': 'changed'})

1850 -

self.assertEqual(response.status_code, 302)

1851 -

self.assertRedirects(response, self.index_url)

1849 +

self.assertEqual(response.status_code, 403)

1852 1850

self.assertEqual(RowLevelChangePermissionModel.objects.get(id=3).name, 'odd id mult 3')

1853 1851

response = self.client.get(change_url_6)

1854 1852

self.assertEqual(response.status_code, 200)

@@ -1884,21 +1882,6 @@ def test_change_view_without_object_change_permission(self):

1884 1882

self.assertEqual(response.context['title'], 'View article')

1885 1883

self.assertContains(response, '<a href="/test_admin/admin9/admin_views/article/" class="closelink">Close</a>')

1886 1884 1887 -

def test_change_view_post_without_object_change_permission(self):

1888 -

"""A POST redirectS to changelist without modifications."""

1889 -

change_dict = {

1890 -

'title': 'Ikke fordømt',

1891 -

'content': '<p>edited article</p>',

1892 -

'date_0': '2008-03-18', 'date_1': '10:54:39',

1893 -

'section': self.s1.pk,

1894 -

}

1895 -

change_url = reverse('admin10:admin_views_article_change', args=(self.a1.pk,))

1896 -

changelist_url = reverse('admin10:admin_views_article_changelist')

1897 -

self.client.force_login(self.viewuser)

1898 -

response = self.client.post(change_url, change_dict)

1899 -

self.assertRedirects(response, changelist_url)

1900 -

self.assertEqual(Article.objects.get(pk=self.a1.pk).content, '<p>Middle content</p>')

1901 - 1902 1885

def test_change_view_save_as_new(self):

1903 1886

"""

1904 1887

'Save as new' should raise PermissionDenied for users without the 'add'

@@ -3981,52 +3964,6 @@ def test_simple_inline(self):

3981 3964

self.assertEqual(Widget.objects.count(), 1)

3982 3965

self.assertEqual(Widget.objects.all()[0].name, "Widget 1 Updated")

3983 3966 3984 -

def test_simple_inline_permissions(self):

3985 -

"""

3986 -

Changes aren't allowed without change permissions for the inline object.

3987 -

"""

3988 -

# User who can view Articles

3989 -

permissionuser = User.objects.create_user(

3990 -

username='permissionuser', password='secret',

3991 -

email='vuser@example.com', is_staff=True,

3992 -

)

3993 -

permissionuser.user_permissions.add(get_perm(Collector, get_permission_codename('view', Collector._meta)))

3994 -

permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('view', Widget._meta)))

3995 -

self.client.force_login(permissionuser)

3996 -

# Without add permission, a new inline can't be added.

3997 -

self.post_data['widget_set-0-name'] = 'Widget 1'

3998 -

collector_url = reverse('admin:admin_views_collector_change', args=(self.collector.pk,))

3999 -

response = self.client.post(collector_url, self.post_data)

4000 -

self.assertEqual(response.status_code, 302)

4001 -

self.assertEqual(Widget.objects.count(), 0)

4002 -

# But after adding the permisson it can.

4003 -

permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('add', Widget._meta)))

4004 -

self.post_data['widget_set-0-name'] = "Widget 1"

4005 -

collector_url = reverse('admin:admin_views_collector_change', args=(self.collector.pk,))

4006 -

response = self.client.post(collector_url, self.post_data)

4007 -

self.assertEqual(response.status_code, 302)

4008 -

self.assertEqual(Widget.objects.count(), 1)

4009 -

self.assertEqual(Widget.objects.first().name, 'Widget 1')

4010 -

widget_id = Widget.objects.first().id

4011 -

# Without the change permission, a POST doesn't change the object.

4012 -

self.post_data['widget_set-INITIAL_FORMS'] = '1'

4013 -

self.post_data['widget_set-0-id'] = str(widget_id)

4014 -

self.post_data['widget_set-0-name'] = 'Widget 1 Updated'

4015 -

response = self.client.post(collector_url, self.post_data)

4016 -

self.assertEqual(response.status_code, 302)

4017 -

self.assertEqual(Widget.objects.count(), 1)

4018 -

self.assertEqual(Widget.objects.first().name, 'Widget 1')

4019 -

# Now adding the change permission and editing works.

4020 -

permissionuser.user_permissions.remove(get_perm(Widget, get_permission_codename('add', Widget._meta)))

4021 -

permissionuser.user_permissions.add(get_perm(Widget, get_permission_codename('change', Widget._meta)))

4022 -

self.post_data['widget_set-INITIAL_FORMS'] = '1'

4023 -

self.post_data['widget_set-0-id'] = str(widget_id)

4024 -

self.post_data['widget_set-0-name'] = 'Widget 1 Updated'

4025 -

response = self.client.post(collector_url, self.post_data)

4026 -

self.assertEqual(response.status_code, 302)

4027 -

self.assertEqual(Widget.objects.count(), 1)

4028 -

self.assertEqual(Widget.objects.first().name, 'Widget 1 Updated')

4029 - 4030 3967

def test_explicit_autofield_inline(self):

4031 3968

"A model with an explicit autofield primary key can be saved as inlines. Regression for #8093"

4032 3969

# First add a new inline

