from django.contrib.admin.utils import quote from django.contrib.admin.views.main import IS_POPUP_VAR from django.contrib.auth.models import User from django.template.response import TemplateResponse from django.test import TestCase, override_settings from django.urls import reverse from .models import Action, Car, Person @override_settings(ROOT_URLCONF='admin_custom_urls.urls',) class AdminCustomUrlsTest(TestCase): """ Remember that: * The Action model has a CharField PK. * The ModelAdmin for Action customizes the add_view URL, it's '//!add/' """ @classmethod def setUpTestData(cls): cls.superuser = User.objects.create_superuser(username='super', password='secret', email='super@example.com') Action.objects.create(name='delete', description='Remove things.') Action.objects.create(name='rename', description='Gives things other names.') Action.objects.create(name='add', description='Add things.') Action.objects.create(name='path/to/file/', description="An action with '/' in its name.") Action.objects.create( name='path/to/html/document.html', description='An action with a name similar to a HTML doc path.' ) Action.objects.create( name='javascript:alert(\'Hello world\');">Click here', description='An action with a name suspected of being a XSS attempt' ) def setUp(self): self.client.force_login(self.superuser) def test_basic_add_GET(self): """ Ensure GET on the add_view works. """ add_url = reverse('admin_custom_urls:admin_custom_urls_action_add') self.assertTrue(add_url.endswith('/!add/')) response = self.client.get(add_url) self.assertIsInstance(response, TemplateResponse) self.assertEqual(response.status_code, 200) def test_add_with_GET_args(self): """ Ensure GET on the add_view plus specifying a field value in the query string works. """ response = self.client.get(reverse('admin_custom_urls:admin_custom_urls_action_add'), {'name': 'My Action'}) self.assertContains(response, 'value="My Action"') def test_basic_add_POST(self): """ Ensure POST on add_view works. """ post_data = { IS_POPUP_VAR: '1', "name": 'Action added through a popup', "description": "Description of added action", } response = self.client.post(reverse('admin_custom_urls:admin_custom_urls_action_add'), post_data) self.assertContains(response, 'Action added through a popup') def test_admin_URLs_no_clash(self): # Should get the change_view for model instance with PK 'add', not show # the add_view url = reverse('admin_custom_urls:%s_action_change' % Action._meta.app_label, args=(quote('add'),)) response = self.client.get(url) self.assertContains(response, 'Change action') # Should correctly get the change_view for the model instance with the # funny-looking PK (the one with a 'path/to/html/document.html' value) url = reverse( 'admin_custom_urls:%s_action_change' % Action._meta.app_label, args=(quote("path/to/html/document.html"),) ) response = self.client.get(url) self.assertContains(response, 'Change action') self.assertContains(response, 'value="path/to/html/document.html"') def test_post_save_add_redirect(self): """ ModelAdmin.response_post_save_add() controls the redirection after the 'Save' button has been pressed when adding a new object. """ post_data = {'name': 'John Doe'} self.assertEqual(Person.objects.count(), 0) response = self.client.post(reverse('admin_custom_urls:admin_custom_urls_person_add'), post_data) persons = Person.objects.all() self.assertEqual(len(persons), 1) redirect_url = reverse('admin_custom_urls:admin_custom_urls_person_history', args=[persons[0].pk]) self.assertRedirects(response, redirect_url) def test_post_save_change_redirect(self): """ ModelAdmin.response_post_save_change() controls the redirection after the 'Save' button has been pressed when editing an existing object. """ Person.objects.create(name='John Doe') self.assertEqual(Person.objects.count(), 1) person = Person.objects.all()[0] post_url = reverse('admin_custom_urls:admin_custom_urls_person_change', args=[person.pk]) response = self.client.post(post_url, {'name': 'Jack Doe'}) self.assertRedirects(response, reverse('admin_custom_urls:admin_custom_urls_person_delete', args=[person.pk])) def test_post_url_continue(self): """ The ModelAdmin.response_add()'s parameter `post_url_continue` controls the redirection after an object has been created. """ post_data = {'name': 'SuperFast', '_continue': '1'} self.assertEqual(Car.objects.count(), 0) response = self.client.post(reverse('admin_custom_urls:admin_custom_urls_car_add'), post_data) cars = Car.objects.all() self.assertEqual(len(cars), 1) self.assertRedirects(response, reverse('admin_custom_urls:admin_custom_urls_car_history', args=[cars[0].pk]))