mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 09:49:12 +00:00
Code Issues 32 Releases Wiki Activity

newforms-admin: Fixed #5999 -- When a session expires properly route the

Browse Source 
flow to call the correct view. Thanks favo and Michael Newman.


git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@7611 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Brian Rosner 2008-06-10 16:05:09 +00:00
parent 98d30caedb
commit be810670ff
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
django/contrib/admin/sites.py
View File

@ -113,7 +113,12 @@ class AdminSite(object):
return self.logout(request) return self.logout(request)
if not self.has_permission(request): if not self.has_permission(request):
return self.login(request) response = self.login(request)
if response:
# make sure that there is a response before returning
# this addresses any post data that might persist from
# expired sessions and continue through (#5999)
return response
if url == '': if url == '':
@ -245,7 +250,7 @@ class AdminSite(object):
# overwrite request.POST with the saved post_data, and continue # overwrite request.POST with the saved post_data, and continue
request.POST = post_data request.POST = post_data
request.user = user request.user = user
return view_func(request, *args, **kwargs) return None
else: else:
request.session.delete_test_cookie() request.session.delete_test_cookie()
return http.HttpResponseRedirect(request.path) return http.HttpResponseRedirect(request.path)

9
tests/regressiontests/admin_views/tests.py
View File

@ -145,6 +145,15 @@ class AdminViewPermissionsTest(TestCase):
self.failUnlessEqual(Article.objects.all().count(), 3) self.failUnlessEqual(Article.objects.all().count(), 3)
self.client.get('/test_admin/admin/logout/') self.client.get('/test_admin/admin/logout/')
# Check and make sure that if user expires, data still persists
post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
self.assertContains(post, 'Please log in again, because your session has expired.')
self.super_login['post_data'] = _encode_post_data(add_dict)
post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
self.failUnlessEqual(Article.objects.all().count(), 4)
self.client.get('/test_admin/admin/logout/')
def testChangeView(self): def testChangeView(self):
"""Change view should restrict access and allow users to edit items.""" """Change view should restrict access and allow users to edit items."""