# coding: utf-8 from __future__ import absolute_import, unicode_literals import os import re import datetime import urlparse from django.conf import settings, global_settings from django.core import mail from django.core.exceptions import SuspiciousOperation from django.core.files import temp as tempfile from django.core.urlresolvers import reverse # Register auth models with the admin. from django.contrib import admin from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME from django.contrib.admin.models import LogEntry, DELETION from django.contrib.admin.sites import LOGIN_FORM_KEY from django.contrib.admin.util import quote from django.contrib.admin.views.main import IS_POPUP_VAR from django.contrib.admin.tests import AdminSeleniumWebDriverTestCase from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth.models import Group, User, Permission, UNUSABLE_PASSWORD from django.contrib.contenttypes.models import ContentType from django.forms.util import ErrorList from django.template.response import TemplateResponse from django.test import TestCase from django.utils import formats, translation, unittest from django.utils.cache import get_max_age from django.utils.encoding import iri_to_uri from django.utils.html import escape from django.utils.http import urlencode from django.test.utils import override_settings # local test models from .models import (Article, BarAccount, CustomArticle, EmptyModel, FooAccount, Gallery, ModelWithStringPrimaryKey, Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast, Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit, Category, Post, Plot, FunkyTag, Chapter, Book, Promo, WorkHour, Employee, Question, Answer, Inquisition, Actor, FoodDelivery, RowLevelChangePermissionModel, Paper, CoverLetter, Story, OtherStory, ComplexSortedPerson, Parent, Child, AdminOrderedField, AdminOrderedModelMethod, AdminOrderedAdminMethod, AdminOrderedCallable, Report, MainPrepopulated, RelatedPrepopulated, UnorderedObject, UndeletableObject) ERROR_MESSAGE = "Please enter the correct username and password \ for a staff account. Note that both fields are case-sensitive." @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class AdminViewBasicTest(TestCase): fixtures = ['admin-views-users.xml', 'admin-views-colors.xml', 'admin-views-fabrics.xml', 'admin-views-books.xml'] # Store the bit of the URL where the admin is registered as a class # variable. That way we can test a second AdminSite just by subclassing # this test case and changing urlbit. urlbit = 'admin' urls = "regressiontests.admin_views.urls" def setUp(self): self.old_USE_I18N = settings.USE_I18N self.old_USE_L10N = settings.USE_L10N self.old_LANGUAGE_CODE = settings.LANGUAGE_CODE self.client.login(username='super', password='secret') settings.USE_I18N = True def tearDown(self): settings.USE_I18N = self.old_USE_I18N settings.USE_L10N = self.old_USE_L10N settings.LANGUAGE_CODE = self.old_LANGUAGE_CODE self.client.logout() formats.reset_format_cache() def testTrailingSlashRequired(self): """ If you leave off the trailing slash, app should redirect and add it. """ request = self.client.get('/test_admin/%s/admin_views/article/add' % self.urlbit) self.assertRedirects(request, '/test_admin/%s/admin_views/article/add/' % self.urlbit, status_code=301 ) def testBasicAddGet(self): """ A smoke test to ensure GET on the add_view works. """ response = self.client.get('/test_admin/%s/admin_views/section/add/' % self.urlbit) self.assertIsInstance(response, TemplateResponse) self.assertEqual(response.status_code, 200) def testAddWithGETArgs(self): response = self.client.get('/test_admin/%s/admin_views/section/add/' % self.urlbit, {'name': 'My Section'}) self.assertEqual(response.status_code, 200) self.assertContains(response, 'value="My Section"', msg_prefix="Couldn't find an input with the right value in the response" ) def testBasicEditGet(self): """ A smoke test to ensure GET on the change_view works. """ response = self.client.get('/test_admin/%s/admin_views/section/1/' % self.urlbit) self.assertIsInstance(response, TemplateResponse) self.assertEqual(response.status_code, 200) def testBasicEditGetStringPK(self): """ A smoke test to ensure GET on the change_view works (returns an HTTP 404 error, see #11191) when passing a string as the PK argument for a model with an integer PK field. """ response = self.client.get('/test_admin/%s/admin_views/section/abc/' % self.urlbit) self.assertEqual(response.status_code, 404) def testBasicAddPost(self): """ A smoke test to ensure POST on add_view works. """ post_data = { "name": "Another Section", # inline data "article_set-TOTAL_FORMS": "3", "article_set-INITIAL_FORMS": "0", "article_set-MAX_NUM_FORMS": "0", } response = self.client.post('/test_admin/%s/admin_views/section/add/' % self.urlbit, post_data) self.assertEqual(response.status_code, 302) # redirect somewhere def testPopupAddPost(self): """ Ensure http response from a popup is properly escaped. """ post_data = { '_popup': '1', 'title': 'title with a new\nline', 'content': 'some content', 'date_0': '2010-09-10', 'date_1': '14:55:39', } response = self.client.post('/test_admin/%s/admin_views/article/add/' % self.urlbit, post_data) self.assertEqual(response.status_code, 200) self.assertContains(response, 'dismissAddAnotherPopup') self.assertContains(response, 'title with a new\\u000Aline') # Post data for edit inline inline_post_data = { "name": "Test section", # inline data "article_set-TOTAL_FORMS": "6", "article_set-INITIAL_FORMS": "3", "article_set-MAX_NUM_FORMS": "0", "article_set-0-id": "1", # there is no title in database, give one here or formset will fail. "article_set-0-title": "Norske bostaver æøå skaper problemer", "article_set-0-content": "<p>Middle content</p>", "article_set-0-date_0": "2008-03-18", "article_set-0-date_1": "11:54:58", "article_set-0-section": "1", "article_set-1-id": "2", "article_set-1-title": "Need a title.", "article_set-1-content": "<p>Oldest content</p>", "article_set-1-date_0": "2000-03-18", "article_set-1-date_1": "11:54:58", "article_set-2-id": "3", "article_set-2-title": "Need a title.", "article_set-2-content": "<p>Newest content</p>", "article_set-2-date_0": "2009-03-18", "article_set-2-date_1": "11:54:58", "article_set-3-id": "", "article_set-3-title": "", "article_set-3-content": "", "article_set-3-date_0": "", "article_set-3-date_1": "", "article_set-4-id": "", "article_set-4-title": "", "article_set-4-content": "", "article_set-4-date_0": "", "article_set-4-date_1": "", "article_set-5-id": "", "article_set-5-title": "", "article_set-5-content": "", "article_set-5-date_0": "", "article_set-5-date_1": "", } def testBasicEditPost(self): """ A smoke test to ensure POST on edit_view works. """ response = self.client.post('/test_admin/%s/admin_views/section/1/' % self.urlbit, self.inline_post_data) self.assertEqual(response.status_code, 302) # redirect somewhere def testEditSaveAs(self): """ Test "save as". """ post_data = self.inline_post_data.copy() post_data.update({ '_saveasnew': 'Save+as+new', "article_set-1-section": "1", "article_set-2-section": "1", "article_set-3-section": "1", "article_set-4-section": "1", "article_set-5-section": "1", }) response = self.client.post('/test_admin/%s/admin_views/section/1/' % self.urlbit, post_data) self.assertEqual(response.status_code, 302) # redirect somewhere def testChangeListSortingCallable(self): """ Ensure we can sort on a list_display field that is a callable (column 2 is callable_year in ArticleAdmin) """ response = self.client.get('/test_admin/%s/admin_views/article/' % self.urlbit, {'o': 2}) self.assertEqual(response.status_code, 200) self.assertTrue( response.content.index('Oldest content') < response.content.index('Middle content') and response.content.index('Middle content') < response.content.index('Newest content'), "Results of sorting on callable are out of order." ) def testChangeListSortingModel(self): """ Ensure we can sort on a list_display field that is a Model method (colunn 3 is 'model_year' in ArticleAdmin) """ response = self.client.get('/test_admin/%s/admin_views/article/' % self.urlbit, {'o': '-3'}) self.assertEqual(response.status_code, 200) self.assertTrue( response.content.index('Newest content') < response.content.index('Middle content') and response.content.index('Middle content') < response.content.index('Oldest content'), "Results of sorting on Model method are out of order." ) def testChangeListSortingModelAdmin(self): """ Ensure we can sort on a list_display field that is a ModelAdmin method (colunn 4 is 'modeladmin_year' in ArticleAdmin) """ response = self.client.get('/test_admin/%s/admin_views/article/' % self.urlbit, {'o': '4'}) self.assertEqual(response.status_code, 200) self.assertTrue( response.content.index('Oldest content') < response.content.index('Middle content') and response.content.index('Middle content') < response.content.index('Newest content'), "Results of sorting on ModelAdmin method are out of order." ) def testChangeListSortingMultiple(self): p1 = Person.objects.create(name="Chris", gender=1, alive=True) p2 = Person.objects.create(name="Chris", gender=2, alive=True) p3 = Person.objects.create(name="Bob", gender=1, alive=True) link = '', msg_prefix="Expected filter not found in changelist view" ) self.assertNotContains(response, 'Blue', msg_prefix="Changelist filter not correctly limited by limit_choices_to" ) def testRelationSpanningFilters(self): response = self.client.get('/test_admin/%s/admin_views/chapterxtra1/' % self.urlbit) self.assertEqual(response.status_code, 200) self.assertContains(response, '
great article
', 'date_0': '2008-03-18', 'date_1': '10:54:39', 'section': 1} # Change User should not have access to add articles self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.changeuser_login) # make sure the view removes test cookie self.assertEqual(self.client.session.test_cookie_worked(), False) request = self.client.get('/test_admin/admin/admin_views/article/add/') self.assertEqual(request.status_code, 403) # Try POST just to make sure post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) self.assertEqual(post.status_code, 403) self.assertEqual(Article.objects.all().count(), 3) self.client.get('/test_admin/admin/logout/') # Add user may login and POST to add view, then redirect to admin root self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.adduser_login) addpage = self.client.get('/test_admin/admin/admin_views/article/add/') self.assertEqual(addpage.status_code, 200) change_list_link = '› Articles' self.assertFalse(change_list_link in addpage.content, 'User restricted to add permission is given link to change list view in breadcrumbs.') post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) self.assertRedirects(post, '/test_admin/admin/') self.assertEqual(Article.objects.all().count(), 4) self.assertEqual(len(mail.outbox), 1) self.assertEqual(mail.outbox[0].subject, 'Greetings from a created object') self.client.get('/test_admin/admin/logout/') # Super can add too, but is redirected to the change list view self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.super_login) addpage = self.client.get('/test_admin/admin/admin_views/article/add/') self.assertEqual(addpage.status_code, 200) self.assertFalse(change_list_link not in addpage.content, 'Unrestricted user is not given link to change list view in breadcrumbs.') post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) self.assertRedirects(post, '/test_admin/admin/admin_views/article/') self.assertEqual(Article.objects.all().count(), 5) self.client.get('/test_admin/admin/logout/') # 8509 - if a normal user is already logged in, it is possible # to change user into the superuser without error login = self.client.login(username='joepublic', password='secret') # Check and make sure that if user expires, data still persists self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.super_login) # make sure the view removes test cookie self.assertEqual(self.client.session.test_cookie_worked(), False) def testChangeView(self): """Change view should restrict access and allow users to edit items.""" change_dict = {'title' : 'Ikke fordømt', 'content': 'edited article
', 'date_0': '2008-03-18', 'date_1': '10:54:39', 'section': 1} # add user shoud not be able to view the list of article or change any of them self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.adduser_login) request = self.client.get('/test_admin/admin/admin_views/article/') self.assertEqual(request.status_code, 403) request = self.client.get('/test_admin/admin/admin_views/article/1/') self.assertEqual(request.status_code, 403) post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) self.assertEqual(post.status_code, 403) self.client.get('/test_admin/admin/logout/') # change user can view all items and edit them self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.changeuser_login) request = self.client.get('/test_admin/admin/admin_views/article/') self.assertEqual(request.status_code, 200) request = self.client.get('/test_admin/admin/admin_views/article/1/') self.assertEqual(request.status_code, 200) post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) self.assertRedirects(post, '/test_admin/admin/admin_views/article/') self.assertEqual(Article.objects.get(pk=1).content, 'edited article
') # one error in form should produce singular error message, multiple errors plural change_dict['title'] = '' post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) self.assertContains(post, 'Please correct the error below.', msg_prefix='Singular error message not found in response to post with one error') change_dict['content'] = '' post = self.client.post('/test_admin/admin/admin_views/article/1/', change_dict) self.assertContains(post, 'Please correct the errors below.', msg_prefix='Plural error message not found in response to post with multiple errors') self.client.get('/test_admin/admin/logout/') # Test redirection when using row-level change permissions. Refs #11513. RowLevelChangePermissionModel.objects.create(id=1, name="odd id") RowLevelChangePermissionModel.objects.create(id=2, name="even id") for login_dict in [self.super_login, self.changeuser_login, self.adduser_login, self.deleteuser_login]: self.client.post('/test_admin/admin/', login_dict) request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/') self.assertEqual(request.status_code, 403) request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/', {'name': 'changed'}) self.assertEqual(RowLevelChangePermissionModel.objects.get(id=1).name, 'odd id') self.assertEqual(request.status_code, 403) request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/') self.assertEqual(request.status_code, 200) request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/', {'name': 'changed'}) self.assertEqual(RowLevelChangePermissionModel.objects.get(id=2).name, 'changed') self.assertRedirects(request, '/test_admin/admin/') self.client.get('/test_admin/admin/logout/') for login_dict in [self.joepublic_login, self.no_username_login]: self.client.post('/test_admin/admin/', login_dict) request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/') self.assertEqual(request.status_code, 200) self.assertContains(request, 'login-form') request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/1/', {'name': 'changed'}) self.assertEqual(RowLevelChangePermissionModel.objects.get(id=1).name, 'odd id') self.assertEqual(request.status_code, 200) self.assertContains(request, 'login-form') request = self.client.get('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/') self.assertEqual(request.status_code, 200) self.assertContains(request, 'login-form') request = self.client.post('/test_admin/admin/admin_views/rowlevelchangepermissionmodel/2/', {'name': 'changed again'}) self.assertEqual(RowLevelChangePermissionModel.objects.get(id=2).name, 'changed') self.assertEqual(request.status_code, 200) self.assertContains(request, 'login-form') self.client.get('/test_admin/admin/logout/') def testConditionallyShowAddSectionLink(self): """ The foreign key widget should only show the "add related" button if the user has permission to add that related item. """ # Set up and log in user. url = '/test_admin/admin/admin_views/article/add/' add_link_text = ' class="add-another"' self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.adduser_login) # The add user can't add sections yet, so they shouldn't see the "add # section" link. response = self.client.get(url) self.assertNotContains(response, add_link_text) # Allow the add user to add sections too. Now they can see the "add # section" link. add_user = User.objects.get(username='adduser') perm = get_perm(Section, Section._meta.get_add_permission()) add_user.user_permissions.add(perm) response = self.client.get(url) self.assertContains(response, add_link_text) def testCustomModelAdminTemplates(self): self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.super_login) # Test custom change list template with custom extra context request = self.client.get('/test_admin/admin/admin_views/customarticle/') self.assertEqual(request.status_code, 200) self.assertTrue("var hello = 'Hello!';" in request.content) self.assertTemplateUsed(request, 'custom_admin/change_list.html') # Test custom add form template request = self.client.get('/test_admin/admin/admin_views/customarticle/add/') self.assertTemplateUsed(request, 'custom_admin/add_form.html') # Add an article so we can test delete, change, and history views post = self.client.post('/test_admin/admin/admin_views/customarticle/add/', { 'content': 'great article
', 'date_0': '2008-03-18', 'date_1': '10:54:39' }) self.assertRedirects(post, '/test_admin/admin/admin_views/customarticle/') self.assertEqual(CustomArticle.objects.all().count(), 1) article_pk = CustomArticle.objects.all()[0].pk # Test custom delete, change, and object history templates # Test custom change form template request = self.client.get('/test_admin/admin/admin_views/customarticle/%d/' % article_pk) self.assertTemplateUsed(request, 'custom_admin/change_form.html') request = self.client.get('/test_admin/admin/admin_views/customarticle/%d/delete/' % article_pk) self.assertTemplateUsed(request, 'custom_admin/delete_confirmation.html') request = self.client.post('/test_admin/admin/admin_views/customarticle/', data={ 'index': 0, 'action': ['delete_selected'], '_selected_action': ['1'], }) self.assertTemplateUsed(request, 'custom_admin/delete_selected_confirmation.html') request = self.client.get('/test_admin/admin/admin_views/customarticle/%d/history/' % article_pk) self.assertTemplateUsed(request, 'custom_admin/object_history.html') self.client.get('/test_admin/admin/logout/') def testDeleteView(self): """Delete view should restrict access and actually delete items.""" delete_dict = {'post': 'yes'} # add user shoud not be able to delete articles self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.adduser_login) request = self.client.get('/test_admin/admin/admin_views/article/1/delete/') self.assertEqual(request.status_code, 403) post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) self.assertEqual(post.status_code, 403) self.assertEqual(Article.objects.all().count(), 3) self.client.get('/test_admin/admin/logout/') # Delete user can delete self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.deleteuser_login) response = self.client.get('/test_admin/admin/admin_views/section/1/delete/') # test response contains link to related Article self.assertContains(response, "admin_views/article/1/") response = self.client.get('/test_admin/admin/admin_views/article/1/delete/') self.assertEqual(response.status_code, 200) post = self.client.post('/test_admin/admin/admin_views/article/1/delete/', delete_dict) self.assertRedirects(post, '/test_admin/admin/') self.assertEqual(Article.objects.all().count(), 2) self.assertEqual(len(mail.outbox), 1) self.assertEqual(mail.outbox[0].subject, 'Greetings from a deleted object') article_ct = ContentType.objects.get_for_model(Article) logged = LogEntry.objects.get(content_type=article_ct, action_flag=DELETION) self.assertEqual(logged.object_id, '1') self.client.get('/test_admin/admin/logout/') def testDisabledPermissionsWhenLoggedIn(self): self.client.login(username='super', password='secret') superuser = User.objects.get(username='super') superuser.is_active = False superuser.save() response = self.client.get('/test_admin/admin/') self.assertContains(response, 'id="login-form"') self.assertNotContains(response, 'Log out') response = self.client.get('/test_admin/admin/secure-view/') self.assertContains(response, 'id="login-form"') @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class AdminViewsNoUrlTest(TestCase): """Regression test for #17333""" urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml'] def setUp(self): opts = Report._meta # User who can change Reports change_user = User.objects.get(username='changeuser') change_user.user_permissions.add(get_perm(Report, opts.get_change_permission())) # login POST dict self.changeuser_login = { REDIRECT_FIELD_NAME: '/test_admin/admin/', LOGIN_FORM_KEY: 1, 'username': 'changeuser', 'password': 'secret', } def test_no_standard_modeladmin_urls(self): """Admin index views don't break when user's ModelAdmin removes standard urls""" self.client.get('/test_admin/admin/') self.client.post('/test_admin/admin/', self.changeuser_login) r = self.client.get('/test_admin/admin/') # we shouldn' get an 500 error caused by a NoReverseMatch self.assertEqual(r.status_code, 200) self.client.get('/test_admin/admin/logout/') @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class AdminViewDeletedObjectsTest(TestCase): urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml', 'deleted-objects.xml'] def setUp(self): self.client.login(username='super', password='secret') def tearDown(self): self.client.logout() def test_nesting(self): """ Objects should be nested to display the relationships that cause them to be scheduled for deletion. """ pattern = re.compile(r"""', 3) self.assertContains(response, '
Some help text for the title (with unicode ŠĐĆŽćžšđ)
', html=True) self.assertContains(response, 'Some help text for the content (with unicode ŠĐĆŽćžšđ)
', html=True) self.assertContains(response, 'Some help text for the date (with unicode ŠĐĆŽćžšđ)
', html=True) p = Post.objects.create(title="I worked on readonly_fields", content="Its good stuff") response = self.client.get('/test_admin/admin/admin_views/post/%d/' % p.pk) self.assertContains(response, "%d amount of cool" % p.pk) def test_readonly_post(self): data = { "title": "Django Got Readonly Fields", "content": "This is an incredible development.", "link_set-TOTAL_FORMS": "1", "link_set-INITIAL_FORMS": "0", "link_set-MAX_NUM_FORMS": "0", } response = self.client.post('/test_admin/admin/admin_views/post/add/', data) self.assertEqual(response.status_code, 302) self.assertEqual(Post.objects.count(), 1) p = Post.objects.get() self.assertEqual(p.posted, datetime.date.today()) data["posted"] = "10-8-1990" # some date that's not today response = self.client.post('/test_admin/admin/admin_views/post/add/', data) self.assertEqual(response.status_code, 302) self.assertEqual(Post.objects.count(), 2) p = Post.objects.order_by('-id')[0] self.assertEqual(p.posted, datetime.date.today()) def test_readonly_manytomany(self): "Regression test for #13004" response = self.client.get('/test_admin/admin/admin_views/pizza/add/') self.assertEqual(response.status_code, 200) def test_user_password_change_limited_queryset(self): su = User.objects.filter(is_superuser=True)[0] response = self.client.get('/test_admin/admin2/auth/user/%s/password/' % su.pk) self.assertEqual(response.status_code, 404) @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class RawIdFieldsTest(TestCase): urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml'] def setUp(self): self.client.login(username='super', password='secret') def tearDown(self): self.client.logout() def test_limit_choices_to(self): """Regression test for 14880""" # This includes tests integers, strings and booleans in the lookup query string actor = Actor.objects.create(name="Palin", age=27) inquisition1 = Inquisition.objects.create(expected=True, leader=actor, country="England") inquisition2 = Inquisition.objects.create(expected=False, leader=actor, country="Spain") response = self.client.get('/test_admin/admin/admin_views/sketch/add/') # Find the link m = re.search(r']* id="lookup_id_inquisition"', response.content) self.assertTrue(m) # Got a match popup_url = m.groups()[0].replace("&", "&") # Handle relative links popup_url = urlparse.urljoin(response.request['PATH_INFO'], popup_url) # Get the popup response2 = self.client.get(popup_url) self.assertContains(response2, "Spain") self.assertNotContains(response2, "England") @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class UserAdminTest(TestCase): """ Tests user CRUD functionality. """ urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml'] def setUp(self): self.client.login(username='super', password='secret') def tearDown(self): self.client.logout() def test_save_button(self): user_count = User.objects.count() response = self.client.post('/test_admin/admin/auth/user/add/', { 'username': 'newuser', 'password1': 'newpassword', 'password2': 'newpassword', }) new_user = User.objects.order_by('-id')[0] self.assertRedirects(response, '/test_admin/admin/auth/user/%s/' % new_user.pk) self.assertEqual(User.objects.count(), user_count + 1) self.assertNotEqual(new_user.password, UNUSABLE_PASSWORD) def test_save_continue_editing_button(self): user_count = User.objects.count() response = self.client.post('/test_admin/admin/auth/user/add/', { 'username': 'newuser', 'password1': 'newpassword', 'password2': 'newpassword', '_continue': '1', }) new_user = User.objects.order_by('-id')[0] self.assertRedirects(response, '/test_admin/admin/auth/user/%s/' % new_user.pk) self.assertEqual(User.objects.count(), user_count + 1) self.assertNotEqual(new_user.password, UNUSABLE_PASSWORD) def test_password_mismatch(self): response = self.client.post('/test_admin/admin/auth/user/add/', { 'username': 'newuser', 'password1': 'newpassword', 'password2': 'mismatch', }) self.assertEqual(response.status_code, 200) adminform = response.context['adminform'] self.assertTrue('password' not in adminform.form.errors) self.assertEqual(adminform.form.errors['password2'], ["The two password fields didn't match."]) def test_user_fk_popup(self): """Quick user addition in a FK popup shouldn't invoke view for further user customization""" response = self.client.get('/test_admin/admin/admin_views/album/add/') self.assertEqual(response.status_code, 200) self.assertContains(response, '/test_admin/admin/auth/user/add') self.assertContains(response, 'class="add-another" id="add_id_owner" onclick="return showAddAnotherPopup(this);"') response = self.client.get('/test_admin/admin/auth/user/add/?_popup=1') self.assertEqual(response.status_code, 200) self.assertNotContains(response, 'name="_continue"') self.assertNotContains(response, 'name="_addanother"') data = { 'username': 'newuser', 'password1': 'newpassword', 'password2': 'newpassword', '_popup': '1', '_save': '1', } response = self.client.post('/test_admin/admin/auth/user/add/?_popup=1', data, follow=True) self.assertEqual(response.status_code, 200) self.assertContains(response, 'dismissAddAnotherPopup') def test_save_add_another_button(self): user_count = User.objects.count() response = self.client.post('/test_admin/admin/auth/user/add/', { 'username': 'newuser', 'password1': 'newpassword', 'password2': 'newpassword', '_addanother': '1', }) new_user = User.objects.order_by('-id')[0] self.assertRedirects(response, '/test_admin/admin/auth/user/add/') self.assertEqual(User.objects.count(), user_count + 1) self.assertNotEqual(new_user.password, UNUSABLE_PASSWORD) def test_user_permission_performance(self): u = User.objects.all()[0] # Don't depend on a warm cache, see #17377. ContentType.objects.clear_cache() with self.assertNumQueries(8): response = self.client.get('/test_admin/admin/auth/user/%s/' % u.pk) self.assertEqual(response.status_code, 200) def test_form_url_present_in_context(self): u = User.objects.all()[0] response = self.client.get('/test_admin/admin3/auth/user/%s/password/' % u.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.context['form_url'], 'pony') @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class GroupAdminTest(TestCase): """ Tests group CRUD functionality. """ urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml'] def setUp(self): self.client.login(username='super', password='secret') def tearDown(self): self.client.logout() def test_save_button(self): group_count = Group.objects.count() response = self.client.post('/test_admin/admin/auth/group/add/', { 'name': 'newgroup', }) new_group = Group.objects.order_by('-id')[0] self.assertRedirects(response, '/test_admin/admin/auth/group/') self.assertEqual(Group.objects.count(), group_count + 1) def test_group_permission_performance(self): g = Group.objects.create(name="test_group") with self.assertNumQueries(6): # instead of 259! response = self.client.get('/test_admin/admin/auth/group/%s/' % g.pk) self.assertEqual(response.status_code, 200) @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) class CSSTest(TestCase): urls = "regressiontests.admin_views.urls" fixtures = ['admin-views-users.xml'] def setUp(self): self.client.login(username='super', password='secret') def tearDown(self): self.client.logout() def test_css_classes(self): response = self.client.get('/test_admin/admin/admin_views/post/add/') # The main form self.assertContains(response, 'class="form-row field-title"') self.assertContains(response, 'class="form-row field-content"') self.assertContains(response, 'class="form-row field-public"') self.assertContains(response, 'class="form-row field-awesomeness_level"') self.assertContains(response, 'class="form-row field-coolness"') self.assertContains(response, 'class="form-row field-value"') self.assertContains(response, 'class="form-row"') # The lambda function # The tabular inline self.assertContains(response, '