Fixed #29663 -- Made admin change view redirect to changelist with view permission.

2025-05-09 16:36:29 +00:00 · 2018-08-12 07:51:23 -07:00 · 2018-08-12 07:51:23 -07:00 · 09ee3b6fe3
commit 09ee3b6fe3
parent 57f16655cd
5 changed files with 29 additions and 1 deletions
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@ -1324,7 +1324,7 @@ class ModelAdmin(BaseModelAdmin):
    def _response_post_save(self, request, obj):
        opts = self.model._meta
-        if self.has_change_permission(request, None):
+        if self.has_view_or_change_permission(request):
            post_url = reverse('admin:%s_%s_changelist' %
                               (opts.app_label, opts.model_name),
                               current_app=self.admin_site.name)
--- a/docs/releases/2.1.1.txt
+++ b/docs/releases/2.1.1.txt
@ -35,3 +35,6 @@ Bugfixes
 * Fixed the test client's JSON serialization of a request data dictionary for
  structured content type suffixes (:ticket:`29662`).
 * Made the admin change view redirect to the changelist view after a POST if
  the user has the 'view' permission (:ticket:`29663`).
--- a/tests/admin_views/admin.py
+++ b/tests/admin_views/admin.py
@ -1126,3 +1126,12 @@ class ArticleAdmin9(admin.ModelAdmin):
 site9 = admin.AdminSite(name='admin9')
 site9.register(Article, ArticleAdmin9)
 class ArticleAdmin10(admin.ModelAdmin):
    def has_change_permission(self, request, obj=None):
        return False
 site10 = admin.AdminSite(name='admin10')
 site10.register(Article, ArticleAdmin10)
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@ -1865,6 +1865,21 @@ class AdminViewPermissionsTest(TestCase):
        self.assertEqual(response.context['title'], 'View article')
        self.assertContains(response, '<a href="/test_admin/admin9/admin_views/article/" class="closelink">Close</a>')
    def test_change_view_post_without_object_change_permission(self):
        """A POST redirectS to changelist without modifications."""
        change_dict = {
            'title': 'Ikke fordømt',
            'content': '<p>edited article</p>',
            'date_0': '2008-03-18', 'date_1': '10:54:39',
            'section': self.s1.pk,
        }
        change_url = reverse('admin10:admin_views_article_change', args=(self.a1.pk,))
        changelist_url = reverse('admin10:admin_views_article_changelist')
        self.client.force_login(self.viewuser)
        response = self.client.post(change_url, change_dict)
        self.assertRedirects(response, changelist_url)
        self.assertEqual(Article.objects.get(pk=self.a1.pk).content, '<p>Middle content</p>')
    def test_change_view_save_as_new(self):
        """
        'Save as new' should raise PermissionDenied for users without the 'add'
--- a/tests/admin_views/urls.py
+++ b/tests/admin_views/urls.py
@ -17,6 +17,7 @@ urlpatterns = [
    # All admin views accept `extra_context` to allow adding it like this:
    url(r'^test_admin/admin8/', (admin.site.get_urls(), 'admin', 'admin-extra-context'), {'extra_context': {}}),
    url(r'^test_admin/admin9/', admin.site9.urls),
    url(r'^test_admin/admin10/', admin.site10.urls),
    url(r'^test_admin/has_permission_admin/', custom_has_permission_admin.site.urls),
    url(r'^test_admin/autocomplete_admin/', autocomplete_site.urls),
 ]