From 1c56af676d02aa0cdb70bb3749971f1cac4afdb3 Mon Sep 17 00:00:00 2001 From: Ramiro Morales Date: Wed, 12 Jan 2011 23:30:47 +0000 Subject: [PATCH] Added tests demonstrating that filtering lookup expression that involve model with inheritance schemes aren't incorrectly blacklisted by the r15031 security fix. Refs. #15032. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15178 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- tests/regressiontests/admin_views/models.py | 12 ++++++++++++ tests/regressiontests/admin_views/tests.py | 12 +++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tests/regressiontests/admin_views/models.py b/tests/regressiontests/admin_views/models.py index 49c68e633f..0a27964ea3 100644 --- a/tests/regressiontests/admin_views/models.py +++ b/tests/regressiontests/admin_views/models.py @@ -615,6 +615,17 @@ class Album(models.Model): class AlbumAdmin(admin.ModelAdmin): list_filter = ['title'] +class Employee(Person): + code = models.CharField(max_length=20) + +class WorkHour(models.Model): + datum = models.DateField() + employee = models.ForeignKey(Employee) + +class WorkHourAdmin(admin.ModelAdmin): + list_display = ('datum', 'employee') + list_filter = ('employee',) + admin.site.register(Article, ArticleAdmin) admin.site.register(CustomArticle, CustomArticleAdmin) admin.site.register(Section, save_as=True, inlines=[ArticleInline]) @@ -646,6 +657,7 @@ admin.site.register(Plot) admin.site.register(PlotDetails) admin.site.register(CyclicOne) admin.site.register(CyclicTwo) +admin.site.register(WorkHour, WorkHourAdmin) # We intentionally register Promo and ChapterXtra1 but not Chapter nor ChapterXtra2. # That way we cover all four cases: diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py index 5a0385faa5..9b881291de 100644 --- a/tests/regressiontests/admin_views/tests.py +++ b/tests/regressiontests/admin_views/tests.py @@ -33,7 +33,7 @@ from models import Article, BarAccount, CustomArticle, EmptyModel, \ FooAccount, Gallery, ModelWithStringPrimaryKey, \ Person, Persona, Picture, Podcast, Section, Subscriber, Vodcast, \ Language, Collector, Widget, Grommet, DooHickey, FancyDoodad, Whatsit, \ - Category, Post, Plot, FunkyTag, Chapter, Book, Promo + Category, Post, Plot, FunkyTag, Chapter, Book, Promo, WorkHour, Employee class AdminViewBasicTest(TestCase): @@ -382,6 +382,16 @@ class AdminViewBasicTest(TestCase): except SuspiciousOperation: self.fail("Filters should be allowed if they involve a local field without the need to whitelist them in list_filter or date_hierarchy.") + e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123') + e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124') + WorkHour.objects.create(datum=datetime.datetime.now(), employee=e1) + WorkHour.objects.create(datum=datetime.datetime.now(), employee=e2) + response = self.client.get("/test_admin/admin/admin_views/workhour/") + self.assertEqual(response.status_code, 200) + self.assertContains(response, 'employee__person_ptr__exact') + response = self.client.get("/test_admin/admin/admin_views/workhour/?employee__person_ptr__exact=%d" % e1.pk) + self.assertEqual(response.status_code, 200) + class SaveAsTests(TestCase): fixtures = ['admin-views-users.xml','admin-views-person.xml']