Fixed #16958 -- Correctly use the queryset method in the auth app's UserAdmin class. Thanks, mpaolini.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17474 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:57:40 +00:00 · 2012-02-09 18:57:40 +00:00 · bc8875e37c
parent a6b6c6e171
commit bc8875e37c
3 changed files with 17 additions and 1 deletions
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@ -117,7 +117,7 @@ class UserAdmin(admin.ModelAdmin):
    def user_change_password(self, request, id, form_url=''):
        if not self.has_change_permission(request):
            raise PermissionDenied
-        user = get_object_or_404(self.model, pk=id)
+        user = get_object_or_404(self.queryset(request), pk=id)
        if request.method == 'POST':
            form = self.change_password_form(user, request.POST)
            if form.is_valid():
--- a/tests/regressiontests/admin_views/customadmin.py
+++ b/tests/regressiontests/admin_views/customadmin.py
@ -6,6 +6,8 @@ from __future__ import absolute_import
 from django.conf.urls import patterns
 from django.contrib import admin
 from django.http import HttpResponse
+from django.contrib.auth.models import User
+from django.contrib.auth.admin import UserAdmin

 from . import models, forms, admin as base_admin

@ -30,6 +32,14 @@ class Admin2(admin.AdminSite):
    def my_view(self, request):
        return HttpResponse("Django is a magical pony!")

+
+class UserLimitedAdmin(UserAdmin):
+    # used for testing password change on a user not in queryset
+    def queryset(self, request):
+        qs = super(UserLimitedAdmin, self).queryset(request)
+        return qs.filter(is_superuser=False)
+
+
 site = Admin2(name="admin2")

 site.register(models.Article, base_admin.ArticleAdmin)
@ -37,3 +47,4 @@ site.register(models.Section, inlines=[base_admin.ArticleInline])
 site.register(models.Thing, base_admin.ThingAdmin)
 site.register(models.Fabric, base_admin.FabricAdmin)
 site.register(models.ChapterXtra1, base_admin.ChapterXtra1Admin)
+site.register(User, UserLimitedAdmin)
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@ -2946,6 +2946,11 @@ class ReadonlyTest(TestCase):
        response = self.client.get('/test_admin/admin/admin_views/pizza/add/')
        self.assertEqual(response.status_code, 200)

+    def test_user_password_change_limited_queryset(self):
+        su = User.objects.filter(is_superuser=True)[0]
+        response = self.client.get('/test_admin/admin2/auth/user/%s/password/' % su.pk)
+        self.assertEquals(response.status_code, 404)
+

 class RawIdFieldsTest(TestCase):
    urls = "regressiontests.admin_views.urls"