Commit Graph

100 Commits

Author SHA1 Message Date
Aymeric Augustin 7339f43c71 Prevented admin from importing auth.User.
Since we don't enforce order between apps, root packages of contrib apps
cannot import models from unrelated apps.

Fix #22005, refs #21719.
2014-03-09 20:29:00 +01:00
Alex Gaynor 6f504266b2 Removed two imports which are now unused 2014-02-04 15:45:18 -08:00
Claude Paroz 343dfff133 Removed the this_is_the_login_form hack
Refs #21911. Now that we have a more traditional login form, we
don't need any more a special field telling us we are dealing with
the login form.
2014-02-04 20:02:28 +01:00
Claude Paroz be0ad62994 Fixed #21911 -- Made admin views redirect to login when needed
Historically, the Django admin used to pass through the request
from an unauthorized access to the login view directly. Now we
are using a proper redirection, which is also preventing
inadvertantly changing data when POSTing login data to an admin
view when user is already authorized.
Thanks Marc Tamlyn and Tim Graham for the reviews.
2014-02-04 20:02:28 +01:00
Claude Paroz 5848bea9dc Made staff_member_required redirect to login
Refs #21911.
2014-02-04 20:02:28 +01:00
Aymeric Augustin 76ff266df1 Avoided importing models from django.contrib.admin.
Fixed #21923. Refs #21719.
2014-02-01 20:38:15 +01:00
Aymeric Augustin 2ff93e027c Fixed #21829 -- Added default AppConfigs.
Thanks Russell for the report, Marc for the initial patch, Carl for the
final review, and everyone who contributed to the design discussion.
2014-01-25 10:41:56 +01:00
Russell Keith-Magee d818e0c9b2 Fixed #16905 -- Added extensible checks (nee validation) framework
This is the result of Christopher Medrela's 2013 Summer of Code project.

Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.

Also: Fixes #8579, fixes #3055, fixes #19844.
2014-01-20 10:45:21 +08:00
Aymeric Augustin 10e0cfc0e4 Fixed #21712 -- Moved autodiscover() to AdminConfig.ready().
Thanks Marc Tamlyn for the initial version of the patch.
2014-01-18 23:06:00 +01:00
Aymeric Augustin 6a320cc14a Fixed #21718 -- Renamed has_app to is_installed. 2014-01-06 22:48:41 +01:00
Aymeric Augustin 80d74097b4 Stopped populating the app registry as a side effect.
Since it triggers imports, it shouldn't be done lightly.

This commit adds a public API for doing it explicitly, django.setup(),
and does it automatically when using manage.py and wsgi.py.
2013-12-30 22:11:17 +01:00
Aymeric Augustin 1716b7ce5a Renamed AppCache to Apps.
Also renamed app_cache to apps and "app cache" to "app registry".

Deprecated AppCache.app_cache_ready() in favor of Apps.ready().
2013-12-24 12:25:17 +01:00
Claude Paroz 8cff95e937 Used a more translator-friendly format in admin sites.py 2013-12-23 09:44:16 +01:00
Aymeric Augustin ba60fcbcf7 Used application verbose names in the admin. 2013-12-22 16:53:57 +01:00
Aymeric Augustin 2fef9e5375 Moved apps back in the toplevel django namespace.
Reverted 4a56a93cc4.
2013-12-22 11:39:55 +01:00
Aymeric Augustin 2239081ff1 Expurged INSTALLED_APPS from code and tests.
Except the app cache code and a few specific tests, of course.
2013-12-22 11:39:18 +01:00
Loic Bistuer a2814846ca Fixed E124 pep8 warnings. 2013-12-10 15:12:48 -05:00
Christopher Medrela 7477a4ffde Fixed E125 pep8 warnings 2013-11-28 08:50:11 -05:00
Keryn Knight 170f721367 Fixed #21056 -- AdminSite.app_index no longer blindly accepts any app-labelish input. 2013-09-11 08:48:32 -04:00
Keryn Knight 0d74f9553c Fixed #21063 -- AdminSite app_index should be fail early if the user has no permissions. 2013-09-09 12:51:03 -04:00
Loic Bistuer ec47de77d6 Fixed regression introduced by a962286, changed ugettext to ugettext_lazy. 2013-09-07 08:09:13 -04:00
Adrian Holovaty a962286b74 Added AdminSite attributes for easily changing admin title.
AdminSite now has overridable site_header, site_title and index_title attributes. Changed
each admin view to pass these to the context (in a new AdminSite.each_context() method).
The intent here is to make it easier to override these things in the common case, instead of
having to override a template, which is a bigger burden.
2013-09-06 12:31:50 -05:00
Adrian Holovaty 273a1e6b8d Fixed awkward indentation in admin URLconfs 2013-09-06 12:31:50 -05:00
Thomas Sorrel bb145e2c47 Fixed #13629 -- Added CSS classes to the `<body>` tag of some admin templates to allow style customizations per app or per model. 2013-07-21 20:17:14 +00:00
Honza Kral 4ad1eb1c14 Fixed #12674 -- provide a way to override admin validation
Moved admin validation code to classes and have those be class
attributes to the ModelAdmin classes.
2013-05-19 12:42:52 +02:00
Gavin Wahl ec04fd1344 Fixed spelling errors 2013-03-28 11:16:53 -06:00
Deric Crago 9d6ecc6bc6 Fixed #19327 -- Added handling of double login attempts in admin.
Thanks to Krzysztof Jurewicz for initial patch and
adupin for tests.
2013-03-18 17:11:07 -07:00
Simon Charette ec469ade2b Fixed #19689 -- Renamed `Model._meta.module_name` to `model_name`. 2013-02-05 04:16:07 -05:00
Ramiro Morales b64d30405a Fixed #18697 -- Made values accepted for two customizable admin templates consistent.
Thanks and at cloverfastfood dot com for the report.
2012-12-04 01:13:01 -03:00
Julien Phalip 2e2c4968f6 Fixed #17050 -- Added some CSS class names to the admin index pages to facilitate per-app or per-model style customizations. Thanks to scytale for the report and to H0ff1 and thiderman for their work on the patch. 2012-12-02 20:54:34 -08:00
Russell Keith-Magee 70a0de37d1 Fixed #3011 -- Added swappable auth.User models.
Thanks to the many people that contributed to the development and review of
this patch, including (but not limited to) Jacob Kaplan-Moss, Anssi
Kääriäinen, Ramiro Morales, Preston Holmes, Josh Ourisman, Thomas Sutton,
and Roger Barnes, as well as the many, many people who have contributed to
the design discussion around this ticket over many years.

Squashed commit of the following:

commit d84749a0f0
Merge: 531e771 7c11b1a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 18:37:04 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 531e7715da
Merge: 29d1abb 1f84b04
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Wed Sep 26 07:09:23 2012 +0800

    Merged recent trunk changes.

commit 29d1abbe35
Merge: 8a527dd 54c81a1
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:49:46 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8a527dda13
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 24 07:48:05 2012 +0800

    Ensure sequences are reset correctly in the presence of swapped models.

commit e2b6e22f29
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 17:53:05 2012 +0800

    Modifications to the handling and docs for auth forms.

commit 98aba856b5
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 15:28:57 2012 +0800

    Improved error handling and docs for get_user_model()

commit 0229209c84
Merge: 6494bf9 8599f64
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 23 14:50:11 2012 +0800

    Merged recent Django trunk changes.

commit 6494bf91f2
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 21:38:44 2012 +0800

    Improved validation of swappable model settings.

commit 5a04cde342
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Sep 17 07:15:14 2012 +0800

    Removed some unused imports.

commit ffd535e413
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:31:28 2012 +0800

    Corrected attribute access on for get_by_natural_key

commit 913e1ac84c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 20:12:34 2012 +0800

    Added test for proxy model safeguards on swappable models.

commit 280bf19e94
Merge: dbb3900 935a863
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:16:49 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit dbb3900775
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 18:09:27 2012 +0800

    Fixes for Python 3 compatibility.

commit dfd72131d8
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:54:30 2012 +0800

    Added protection against proxying swapped models.

commit abcb027190
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 15:11:10 2012 +0800

    Cleanup and documentation of AbstractUser base class.

commit a9491a8776
Merge: fd8bb4e 08bcb4a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:46:49 2012 +0800

    Merge commit '08bcb4aec1ed154cefc631b8510ee13e9af0c19d' into t3011

commit fd8bb4e3e4
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 14:20:14 2012 +0800

    Documentation improvements coming from community review.

commit b550a6d06d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:52:47 2012 +0800

    Refactored skipIfCustomUser into the contrib.auth tests.

commit 52a02f1110
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:46:10 2012 +0800

    Refactored common 'get' pattern into manager method.

commit b441a6bbc7
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 16 13:41:33 2012 +0800

    Added note about backwards incompatible change to admin login messages.

commit 08bcb4aec1
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:33 2012 +0300

    Splitted User to AbstractUser and User

commit d9f5e5addb
Author: Anssi Kääriäinen <akaariai@gmail.com>
Date:   Sat Sep 15 18:30:02 2012 +0300

    Reworked REQUIRED_FIELDS + create_user() interaction

commit 579f152e4a
Merge: 9184972 93e6733
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:37 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 918497218c
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:18:19 2012 +0800

    Deprecate AUTH_PROFILE_MODULE and get_profile().

commit 334cdfc1bb
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 20:00:12 2012 +0800

    Added release notes for new swappable User feature.

commit 5d7bb22e8d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 19:59:49 2012 +0800

    Ensure swapped models can't be queried.

commit 57ac6e3d32
Merge: f2ec915 abfba3b
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 15 14:31:54 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit f2ec915b20
Merge: 1952656 5e99a3d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:29:51 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 19526563b5
Merge: 2c5e833 c4aa26a
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 08:22:26 2012 +0800

    Merge recent changes from master.

commit 2c5e833a30
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 07:53:46 2012 +0800

    Corrected admin_views tests following removal of the email fallback on admin logins.

commit 20d1892491
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sun Sep 9 01:00:37 2012 +0800

    Added conditional skips for all tests dependent on the default User model

commit 40ea8b8882
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:47:02 2012 +0800

    Added documentation for REQUIRED_FIELDS in custom auth.

commit e6aaf65970
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Sat Sep 8 23:20:02 2012 +0800

    Added first draft of custom User docs.

    Thanks to Greg Turner for the initial text.

commit 75118bd242
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 11:17:26 2012 +0800

    Admin app should not allow username discovery

    The admin app login form should not allow users to discover the username
    associated with an email address.

commit d088b3af58
Author: Thomas Sutton <me@thomas-sutton.id.au>
Date:   Mon Aug 20 10:32:13 2012 +0800

    Admin app login form should use swapped user model

commit 7e82e83d67
Merge: e29c010 39aa890
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Fri Sep 7 23:45:03 2012 +0800

    Merged master changes.

commit e29c010beb
Merge: 8e3fd70 30bdf22
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:12:57 2012 +0800

    Merge remote-tracking branch 'django/master' into t3011

commit 8e3fd703d0
Merge: 507bb50 26e0ba0
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Aug 20 13:09:09 2012 +0800

    Merged recent changes from trunk.

commit 507bb50a92
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:41:37 2012 +0800

    Modified auth app so that login with alternate auth app is possible.

commit dabe362836
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 20:10:51 2012 +0800

    Modified auth management commands to handle custom user definitions.

commit 7cc0baf89d
Author: Russell Keith-Magee <russell@keith-magee.com>
Date:   Mon Jun 4 14:17:28 2012 +0800

    Added model Meta option for swappable models, and made auth.User a swappable model
2012-09-26 18:48:09 +08:00
Aymeric Augustin ee191715ea [py3] Fixed access to dict keys/values/items. 2012-08-07 12:00:22 +02:00
Daniel Hepper aee9eecb92 Fixed #18444 -- Replace hard coded "View on Site" URLs 2012-06-18 18:12:29 +02:00
Ramiro Morales ecc8208f88 Removed executable bits from some files that don't need them.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-03-09 12:13:31 +00:00
Jannis Leidel 03eeb020a0 Fixed #159 -- Prevent the `AdminSite` from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-09 18:56:23 +00:00
Ramiro Morales 752a43e245 Reverted [17378] until a public API is available for application labels.
This will allow to solve the i18n of such labels in a more holistic way
without the need to introduce temporary, undocumented mechanisms to
translate them.

Refs #3591, #10436

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17389 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-23 16:17:47 +00:00
Ramiro Morales 203c4fef4d Fixed translatability of application names in admin app.
Also, made usage of the `filter` template tag consistent in some
breadcrumbs elements across the different admin templates.

Fixes #10436.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17378 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-01-19 11:23:31 +00:00
Ramiro Morales 554f0601b5 Stopped unconditionally reversing admin model add/change URLs.
Starting with [16857] this could cause HTTP 500 errors when
`ModelAdmin.get_urls()` has been customized to the point it doesn't
provide these standard URLs.

Fixes #17333. Refs #15294.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17237 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-19 14:59:14 +00:00
Ramiro Morales aaf77c1676 Converted internal link generation in the admin and admin document generator to use named URLs.
Thanks to Florian Apolloner for both the initial patch and his final push to get
this fixed, to Dario Ocles for his great work on the admin templates and
switching the admin_doc application to also use named URLs, to Mikko Hellsing
for his comments and to Jannis and Julien for their review and design guidance.

Fixes #15294.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16857 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-20 18:30:06 +00:00
Ramiro Morales 26b8122087 Fixed #14675 -- Completed removal of `from django.conf.urls.default import *` usage.
This applies to both our own [test] code and documentation examples. Also:
 * Moved the functions and handlers from `django.conf.urls.defaults` up to
   `django.conf.urls` deprecating the former module.
 * Added documentation for `handler403`.
 * Tweaked the URLs topic document a bit.

Thanks to pupeno and cdestigter for their great work contributing patches.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-11 22:36:16 +00:00
Ramiro Morales f90449321b Simplified AdminSite self.name attribute initialization.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16576 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-30 19:22:43 +00:00
Ramiro Morales ff9a666753 Removed deprecated admin contrib app AdminSite root_path attribute. Refs #15294, r11250, r16136.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16575 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-07-30 19:09:23 +00:00
Ramiro Morales 817f03f63f Cleaned up admin sites.py imports.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16134 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-30 22:24:08 +00:00
Jannis Leidel c8092b840b Fixed #15008 -- Replaced all calls in the admin to render_to_response with TemplateResponses for easier customization. Thanks to Chris Adams for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16087 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-04-22 18:17:16 +00:00
Adrian Holovaty a87be3554f Removed a bunch of Python 2.4 workarounds now that we don't support it. Refs #15702 -- thanks to jonash for the patch. Splitting this over muliple commits to make it more manageable.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15926 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-28 01:40:43 +00:00
Russell Keith-Magee 49cfe25399 Fixed #15512 -- Cleanup of imports in contrib.admin. Thanks to Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15719 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-03 01:54:33 +00:00
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
Russell Keith-Magee 12bd7bcb35 Fixed #12004 -- Improved error reporting when an abstract class is registered with the admin. Thanks to Matt Smalley for the report, and to mk and Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-23 13:43:21 +00:00
Jannis Leidel 5f4bc1ff23 Fixed a few translation related tests:
* Extended the admin i18n view to also take the admin translation catalogues into account.
  * Use a translation string from the core translations to test LOCALE_PATHS.
  * Fixed Russian translation of singular forms.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15273 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-21 19:36:26 +00:00
Jannis Leidel cc64fb5c4b Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00