mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Added tests demonstrating that filtering lookup expression that involve model with inheritance schemes aren't incorrectly blacklisted by the r15031 security fix. Refs. #15032.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15178 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
f544d98896
commit
1c56af676d
@ -615,6 +615,17 @@ class Album(models.Model):
|
||||
class AlbumAdmin(admin.ModelAdmin):
|
||||
list_filter = ['title']
|
||||
|
||||
class Employee(Person):
|
||||
code = models.CharField(max_length=20)
|
||||
|
||||
class WorkHour(models.Model):
|
||||
datum = models.DateField()
|
||||
employee = models.ForeignKey(Employee)
|
||||
|
||||
class WorkHourAdmin(admin.ModelAdmin):
|
||||
list_display = ('datum', 'employee')
|
||||
list_filter = ('employee',)
|
||||
|
||||
admin.site.register(Article, ArticleAdmin)
|
||||
admin.site.register(CustomArticle, CustomArticleAdmin)
|
||||
admin.site.register(Section, save_as=True, inlines=[ArticleInline])
|
||||
@ -646,6 +657,7 @@ admin.site.register(Plot)
|
||||
admin.site.register(PlotDetails)
|
||||
admin.site.register(CyclicOne)
|
||||
admin.site.register(CyclicTwo)
|
||||
admin.site.register(WorkHour, WorkHourAdmin)
|
||||
|
||||
# We intentionally register Promo and ChapterXtra1 but not Chapter nor ChapterXtra2.
|
||||
# That way we cover all four cases:
|
||||
|
@ -33,7 +33,7 @@ from models import Article, BarAccount, CustomArticle, EmptyModel, \
|
||||
FooAccount, Gallery, ModelWithStringPrimaryKey, \
|
||||
Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast, \
|
||||
Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit, \
|
||||
Category, Post, Plot, FunkyTag, Chapter, Book, Promo
|
||||
Category, Post, Plot, FunkyTag, Chapter, Book, Promo, WorkHour, Employee
|
||||
|
||||
|
||||
class AdminViewBasicTest(TestCase):
|
||||
@ -382,6 +382,16 @@ class AdminViewBasicTest(TestCase):
|
||||
except SuspiciousOperation:
|
||||
self.fail("Filters should be allowed if they involve a local field without the need to whitelist them in list_filter or date_hierarchy.")
|
||||
|
||||
e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123')
|
||||
e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124')
|
||||
WorkHour.objects.create(datum=datetime.datetime.now(), employee=e1)
|
||||
WorkHour.objects.create(datum=datetime.datetime.now(), employee=e2)
|
||||
response = self.client.get("/test_admin/admin/admin_views/workhour/")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertContains(response, 'employee__person_ptr__exact')
|
||||
response = self.client.get("/test_admin/admin/admin_views/workhour/?employee__person_ptr__exact=%d" % e1.pk)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
class SaveAsTests(TestCase):
|
||||
fixtures = ['admin-views-users.xml','admin-views-person.xml']
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user