Commit Graph

63 Commits

Author SHA1 Message Date
Ramiro Morales 554f0601b5 Stopped unconditionally reversing admin model add/change URLs.
Starting with [16857] this could cause HTTP 500 errors when
`ModelAdmin.get_urls()` has been customized to the point it doesn't
provide these standard URLs.

Fixes #17333. Refs #15294.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-19 14:59:14 +00:00
Ramiro Morales aaf77c1676 Converted internal link generation in the admin and admin document generator to use named URLs.
Thanks to Florian Apolloner for both the initial patch and his final push to get
this fixed, to Dario Ocles for his great work on the admin templates and
switching the admin_doc application to also use named URLs, to Mikko Hellsing
for his comments and to Jannis and Julien for their review and design guidance.

Fixes #15294.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-20 18:30:06 +00:00
Ramiro Morales 26b8122087 Fixed #14675 -- Completed removal of `from django.conf.urls.default import *` usage.
This applies to both our own [test] code and documentation examples. Also:
 * Moved the functions and handlers from `django.conf.urls.defaults` up to
   `django.conf.urls` deprecating the former module.
 * Added documentation for `handler403`.
 * Tweaked the URLs topic document a bit.

Thanks to pupeno and cdestigter for their great work contributing patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-11 22:36:16 +00:00
Ramiro Morales f90449321b Simplified AdminSite self.name attribute initialization.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16576 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-30 19:22:43 +00:00
Ramiro Morales ff9a666753 Removed deprecated admin contrib app AdminSite root_path attribute. Refs #15294, r11250, r16136.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-30 19:09:23 +00:00
Ramiro Morales 817f03f63f Cleaned up admin sites.py imports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16134 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-30 22:24:08 +00:00
Jannis Leidel c8092b840b Fixed #15008 -- Replaced all calls in the admin to render_to_response with TemplateResponses for easier customization. Thanks to Chris Adams for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 18:17:16 +00:00
Adrian Holovaty a87be3554f Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs #15702 -- thanks to jonash for the patch. Splitting this over muliple commits to make it more manageable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 01:40:43 +00:00
Russell Keith-Magee 49cfe25399 Fixed #15512 -- Cleanup of imports in contrib.admin. Thanks to Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15719 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 01:54:33 +00:00
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
Russell Keith-Magee 12bd7bcb35 Fixed #12004 -- Improved error reporting when an abstract class is registered with the admin. Thanks to Matt Smalley for the report, and to mk and Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:43:21 +00:00
Jannis Leidel 5f4bc1ff23 Fixed a few translation related tests:
* Extended the admin i18n view to also take the admin translation catalogues into account.
  * Use a translation string from the core translations to test LOCALE_PATHS.
  * Fixed Russian translation of singular forms.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15273 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-21 19:36:26 +00:00
Jannis Leidel cc64fb5c4b Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Alex Gaynor c38a174f7c Remove several uses of the deprecated dict.has_key in favor of the in operator. This is faster, has less code, and is in every single way better.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14392 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-29 04:24:53 +00:00
Luke Plant 5bf73dd909 Fixed reference to removed function root() in AdminSite docstring.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14209 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-14 01:24:20 +00:00
Russell Keith-Magee 1070c57b83 Fixed #14436 -- Escalated 1.2 PendingDeprecationWarnings to DeprecationWarnings, and removed 1.1 deprecated code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14138 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:20:07 +00:00
Russell Keith-Magee c4b6edf3b8 Fixed #12746 -- Updated sorting calls to use 'key' instead of 'cmp'. This will be slightly faster in certain circumstances, but more importantly, is a required step for migration to Python 3. Thanks to Martin van Loewis for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-06 16:31:44 +00:00
Russell Keith-Magee 5211f48ae3 Fixed #12164 -- Removed the Python 2.3 compatibility imports and workarounds. Thanks to timo and claudep for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13094 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-04 14:00:30 +00:00
Luke Plant d7abb33e70 Fixed #12933 - AdminSite.admin_view disables @csrf_view_exempt
Thanks to philomat for report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12619 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-27 21:08:30 +00:00
Jannis Leidel 67d4289c2e Fixed #12066 - Moved auth context processor from core to the auth app. Thanks, Rob Hudson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12466 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-21 23:40:47 +00:00
Jannis Leidel a205691979 Fixed #8933 - Allow more admin templates to be overridden.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-12 23:34:46 +00:00
Adrian Holovaty 19b72077f7 Fixed #8049 -- Fixed inconsistency in admin site is_active checks. Thanks for patch and tests, isagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12159 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-10 16:51:13 +00:00
Adrian Holovaty 933b9e8de7 Fixed #6991 -- Removed some redundant user.is_authenticated() calls in various places. Thanks, alexkoshelev, Liang Feng and Ivan Sagalaev
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12142 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-01-09 20:11:01 +00:00
Luke Plant 86fcb25749 Updated all PendingDeprecationWarning from 1.1 to DeprecationWarning ready for 1.2
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11791 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-12-03 15:11:14 +00:00
Luke Plant 5a0aab41ee Allow CsrfResponseMiddleware to be used if templates cannot be updated.
For the case where someone is using contrib views with custom templates that
they cannot update to use the template tag, it should be possible to use
CsrfResponseMiddleware.  This requires that 'csrf_response_exempt' is not
used for the admin views.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-30 00:17:29 +00:00
Luke Plant 7230a995ce Moved contrib.csrf.* to core code.
There is stub code for backwards compatiblity with Django 1.1 imports.

The documentation has been updated, but has been left in
docs/contrib/csrf.txt for now, in order to avoid dead links to
documentation on the website.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-27 00:36:34 +00:00
Luke Plant 8e70cef9b6 Fixed #9977 - CsrfMiddleware gets template tag added, session dependency removed, and turned on by default.
This is a large change to CSRF protection for Django.  It includes:

 * removing the dependency on the session framework.
 * deprecating CsrfResponseMiddleware, and replacing with a core template tag.
 * turning on CSRF protection by default by adding CsrfViewMiddleware to
   the default value of MIDDLEWARE_CLASSES.
 * protecting all contrib apps (whatever is in settings.py)
   using a decorator.

For existing users of the CSRF functionality, it should be a seamless update,
but please note that it includes DEPRECATION of features in Django 1.1,
and there are upgrade steps which are detailed in the docs.

Many thanks to 'Glenn' and 'bthomas', who did a lot of the thinking and work
on the patch, and to lots of other people including Simon Willison and
Russell Keith-Magee who refined the ideas.

Details of the rationale for these changes is found here:

http://code.djangoproject.com/wiki/CsrfProtection

As of this commit, the CSRF code is mainly in 'contrib'.  The code will be
moved to core in a separate commit, to make the changeset as readable as
possible.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11660 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-26 23:23:07 +00:00
Luke Plant c44fdf6a1e Fixed #12067 - check_dependencies in contrib.admin.sites not triggered using new style admin include
Thanks to robhudson for report and patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-24 10:13:24 +00:00
Luke Plant 84ef9dabfa Fixed #11061: Malformed POST request causes TypeError in AdminSite.login().
Thanks vvd


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11493 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-09-10 16:50:57 +00:00
Russell Keith-Magee 8d48eaa064 Fixed #10061 -- Added namespacing for named URLs - most importantly, for the admin site, where the absence of this facility was causing problems. Thanks to the many people who contributed to and helped review this patch.
This change is backwards incompatible for anyone that is using the named URLs
introduced in [9739]. Any usage of the old admin_XXX names need to be modified
to use the new namespaced format; in many cases this will be as simple as a
search & replace for "admin_" -> "admin:". See the docs for more details on
the new URL names, and the namespace resolution strategy.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@11250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-16 16:16:13 +00:00
Russell Keith-Magee e992e57d3e Fixed #11416 -- Restored use of the never_cache decorator on admin views. Thanks to Ramiro Morales and Michael Newmann for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11229 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-07-13 13:46:31 +00:00
Jacob Kaplan-Moss 7d1b4295b9 Fixed #9036: unified the permission checking in `AdminSite`, pushing it down to the `ModelAdmin` where it belongs.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10451 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-08 19:47:46 +00:00
Jacob Kaplan-Moss 8415c057fb Fixed #10423, a type on the `AdminSite.admin_view` docstring.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10410 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 21:11:10 +00:00
Jacob Kaplan-Moss bb15cee58a Made a bunch of improvements to admin actions. Be warned: this includes one minor but BACKWARDS-INCOMPATIBLE change.
These changes are:

    * BACKWARDS-INCOMPATIBLE CHANGE: action functions and action methods now share the same signature: `(modeladmin, request, queryset)`. Actions defined as methods stay the same, but if you've defined an action as a standalone function you'll now need to add that first `modeladmin` argument.
    * The delete selected action is now a standalone function registered site-wide; this makes disabling it easy.
    * Fixed #10596: there are now official, documented `AdminSite` APIs for dealing with actions, including a method to disable global actions. You can still re-enable globally-disabled actions on a case-by-case basis.
    * Fixed #10595: you can now disable actions for a particular `ModelAdmin` by setting `actions` to `None`.
    * Fixed #10734: actions are now sorted (by name).
    * Fixed #10618: the action is now taken from the form whose "submit" button you clicked, not arbitrarily the last form on the page.
    * All of the above is documented and tested.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10408 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-06 20:23:33 +00:00
Jacob Kaplan-Moss a2dec37c41 Fixed #9908: allow individual app index templates in the admin. Thanks, arne.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10317 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-04-01 14:13:59 +00:00
Gary Wilson Jr b4f5655c86 Fixed #10553 -- Corrected several uses of `URLconf` in documentation and comments, according to the Django style guide. Based on patch from rduffield.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10256 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-31 16:07:07 +00:00
Jacob Kaplan-Moss 44f3080226 Fixed #10505: added support for bulk admin actions, including a globally-available "delete selected" action. See the documentation for details.
This work started life as Brian Beck's "django-batchadmin." It was rewritten for inclusion in Django by Alex Gaynor, Jannis Leidel (jezdez), and Martin Mahner (bartTC). Thanks, guys!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10121 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-23 20:22:56 +00:00
Jacob Kaplan-Moss a7d1c73ad9 `ModelAdmin` validation now runs when using the `site.register(Model, **kwargs)` form.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10074 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-17 20:40:01 +00:00
Jacob Kaplan-Moss 1f84630c87 Fixed #6470: made the admin use a URL resolver.
This *is* backwards compatible, but `admin.site.root()` has been deprecated. The new style is `('^admin/', include(admin.site.urls))`; users will need to update their code to take advantage of the new customizable admin URLs.

Thanks to Alex Gaynor.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9739 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-01-14 20:22:25 +00:00
Adrian Holovaty 2ccc716e7b Changed the app-level links on the admin index page to include trailing slashes, to be consistent with the rest of the links
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9048 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-16 06:01:47 +00:00
Adrian Holovaty 40cb11a554 Moved the bulk of the shortcut() function in django/views/defaults.py to a new module, django/contrib/contenttypes/views.py. As a result, django/views/defaults.py no longer relies on django.contrib.contenttypes. Of course, the shortcut() function is still available in the former module, for backwards compatibility. See the new FutureBackwardsIncompatibleChanges wiki page.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9001 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-10 05:56:34 +00:00
Adrian Holovaty 1bfed070c3 Fixed #7929 -- Removed some snippets of admin code that weren't doing anything, and tightened up a few more lines. Plus, an indentation fix. Thanks, julien
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8985 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-08 05:45:17 +00:00
Jacob Kaplan-Moss 0e5faf225c Security fix. Announcement forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8877 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-09-02 21:10:00 +00:00
Jacob Kaplan-Moss 0c66bac4f3 Marked a handful of missed strings for translation. Fixes #8644, #8617, and #8610.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8679 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-28 20:17:31 +00:00
Malcolm Tredinnick ec8848dad5 Fixed #8589 -- Fixed the URL for the logout link on the app_index page in admin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8617 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 07:27:09 +00:00
Malcolm Tredinnick 6e51f05112 Fixed #8577 -- Fixed a couple of indentation errors when viewing the app-index
page in admin. Patch by evenrik.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8607 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 05:22:25 +00:00
Brian Rosner de977c8514 Fixed #8522 -- Allow app_index to take extra_context to be consistent with the other views in the admin. Thanks Jannis Leidel for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-25 03:55:47 +00:00
Brian Rosner 072083f261 Fixed #8520 -- Corrected a dumb typo in the call to password_change in django/contrib/admin/sites.py. Thanks Karen Tracey for catching this.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8523 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 22:45:35 +00:00
Russell Keith-Magee 27b0077a48 Fixed #8509: Cleaned up handling of test cookies in admin logins. Thanks to rajeshd for the report of a problem case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8509 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-24 06:34:18 +00:00
Brian Rosner 0511435a33 Fixed #8498 -- Add the ability to customize the template for app_index similar to the other views on the AdminSite class. Thanks Jannis Leidel for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8487 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-23 16:27:12 +00:00