mirror of
https://github.com/django/django.git
synced 2025-10-28 16:16:12 +00:00
Fixed #25622 -- Accounted for generic relations in the admin to field validation
Thanks to Jonathan Liuti for the report and Tim Graham for the review.
This commit is contained in:
Simon Charette
@@ -725,6 +725,14 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
|
||||
response = self.client.get(reverse('admin:admin_views_referencedbyinline_changelist'), {TO_FIELD_VAR: 'name'})
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
# #25622 - Specifying a field of a model only referred by a generic
|
||||
# relation should raise DisallowedModelAdminToField.
|
||||
url = reverse('admin:admin_views_referencedbygenrel_changelist')
|
||||
with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls:
|
||||
response = self.client.get(url, {TO_FIELD_VAR: 'object_id'})
|
||||
self.assertEqual(response.status_code, 400)
|
||||
self.assertEqual(len(calls), 1)
|
||||
|
||||
# We also want to prevent the add, change, and delete views from
|
||||
# leaking a disallowed field value.
|
||||
with patch_logger('django.security.DisallowedModelAdminToField', 'error') as calls:
|
||||
|
||||
Reference in New Issue
Block a user