newforms-admin: Fixed #5999 -- When a session expires properly route the

flow to call the correct view. Thanks favo and Michael Newman. git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@7611 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-04 09:49:12 +00:00 · 2008-06-10 16:05:09 +00:00 · 2008-06-10 16:05:09 +00:00 · be810670ff
commit be810670ff
parent 98d30caedb
2 changed files with 16 additions and 2 deletions
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@ -113,7 +113,12 @@ class AdminSite(object):
            return self.logout(request)

        if not self.has_permission(request):
-            return self.login(request)
+            response = self.login(request)
+            if response:
+                # make sure that there is a response before returning
+                # this addresses any post data that might persist from
+                # expired sessions and continue through (#5999)
+                return response


        if url == '':
@ -245,7 +250,7 @@ class AdminSite(object):
                        # overwrite request.POST with the saved post_data, and continue
                        request.POST = post_data
                        request.user = user
-                        return view_func(request, *args, **kwargs)
+                        return None
                    else:
                        request.session.delete_test_cookie()
                        return http.HttpResponseRedirect(request.path)
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@ -145,6 +145,15 @@ class AdminViewPermissionsTest(TestCase):
        self.failUnlessEqual(Article.objects.all().count(), 3)
        self.client.get('/test_admin/admin/logout/')
        
+        # Check and make sure that if user expires, data still persists
+        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
+        self.assertContains(post, 'Please log in again, because your session has expired.')
+        self.super_login['post_data'] = _encode_post_data(add_dict)
+        post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
+        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(Article.objects.all().count(), 4)
+        self.client.get('/test_admin/admin/logout/')
+        
    def testChangeView(self):
        """Change view should restrict access and allow users to edit items."""