mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 09:49:12 +00:00
Code Issues 32 Releases Wiki Activity

newforms-admin: Changed ModelAdmin.has_delete_permission to take obj instead of object_id. This is a lot more convenient. Also changed fieldsets_change and javascript_change to take obj instead of object_id.

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@4583 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2007-02-25 20:35:32 +00:00
parent 064e97dccb
commit 9c2f1ad89c
1 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
django/contrib/admin/options.py
View File

@ -146,6 +146,9 @@ class ModelAdmin(object):
def javascript(self, request, fieldsets): def javascript(self, request, fieldsets):
""" """
Returns a list of URLs to include via <script> statements. Returns a list of URLs to include via <script> statements.
The URLs can be absolute ('/js/admin/') or explicit
('http://example.com/foo.js').
""" """
from django.conf import settings from django.conf import settings
js = ['js/core.js', 'js/admin/RelatedObjectLookups.js'] js = ['js/core.js', 'js/admin/RelatedObjectLookups.js']
@ -169,8 +172,8 @@ class ModelAdmin(object):
def javascript_add(self, request): def javascript_add(self, request):
return self.javascript(request, self.fieldsets_add(request)) return self.javascript(request, self.fieldsets_add(request))
def javascript_change(self, request, object_id): def javascript_change(self, request, obj):
return self.javascript(request, self.fieldsets_change(request, object_id)) return self.javascript(request, self.fieldsets_change(request, obj))
def fieldsets(self, request): def fieldsets(self, request):
""" """
@ -193,7 +196,7 @@ class ModelAdmin(object):
for fs in self.fieldsets(request): for fs in self.fieldsets(request):
yield fs yield fs
def fieldsets_change(self, request, object_id): def fieldsets_change(self, request, obj):
"Hook for specifying Fieldsets for the change form." "Hook for specifying Fieldsets for the change form."
for fs in self.fieldsets(request): for fs in self.fieldsets(request):
yield fs yield fs
@ -257,10 +260,13 @@ class ModelAdmin(object):
opts = self.opts opts = self.opts
return request.user.has_perm(opts.app_label + '.' + opts.get_change_permission()) return request.user.has_perm(opts.app_label + '.' + opts.get_change_permission())
def has_delete_permission(self, request, object_id): def has_delete_permission(self, request, obj):
""" """
Returns True if the given request has permission to change the object Returns True if the given request has permission to change the given
with the given object_id. Django model instance.
If `obj` is None, this should return True if the given request has
permission to delete *any* object of the given type.
""" """
opts = self.opts opts = self.opts
return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission()) return request.user.has_perm(opts.app_label + '.' + opts.get_delete_permission())
@ -435,11 +441,11 @@ class ModelAdmin(object):
c = template.RequestContext(request, { c = template.RequestContext(request, {
'title': _('Change %s') % opts.verbose_name, 'title': _('Change %s') % opts.verbose_name,
'adminform': AdminForm(form, self.fieldsets_change(request, object_id), self.prepopulated_fields), 'adminform': AdminForm(form, self.fieldsets_change(request, obj), self.prepopulated_fields),
'object_id': object_id, 'object_id': object_id,
'original': obj, 'original': obj,
'is_popup': request.REQUEST.has_key('_popup'), 'is_popup': request.REQUEST.has_key('_popup'),
'javascript_imports': self.javascript_change(request, object_id), 'javascript_imports': self.javascript_change(request, obj),
}) })
return render_change_form(self, model, model.ChangeManipulator(object_id), c, change=True) return render_change_form(self, model, model.ChangeManipulator(object_id), c, change=True)
@ -478,9 +484,20 @@ class ModelAdmin(object):
from django.contrib.admin.models import LogEntry, DELETION from django.contrib.admin.models import LogEntry, DELETION
opts = self.model._meta opts = self.model._meta
app_label = opts.app_label app_label = opts.app_label
if not self.has_delete_permission(request, object_id):
try:
obj = self.model._default_manager.get(pk=object_id)
except self.model.DoesNotExist:
# Don't raise Http404 just yet, because we haven't checked
# permissions yet. We don't want an unauthenticated user to be able
# to determine whether a given object exists.
obj = None
if not self.has_delete_permission(request, obj):
raise PermissionDenied raise PermissionDenied
obj = get_object_or_404(self.model, pk=object_id)
if obj is None:
raise Http404('%s object with primary key %r does not exist.' % (opts.verbose_name, escape(object_id)))
# Populate deleted_objects, a data structure of all related objects that # Populate deleted_objects, a data structure of all related objects that
# will also be deleted. # will also be deleted.