Commit Graph

105 Commits

Author SHA1 Message Date
Simon Charette 342ccbddc1 Fixed #23431 -- Allowed inline and hidden references to admin fields.
This fixes a regression introduced by the 53ff096982 security fix.

Thanks to @a1tus for the report and Tim for the review.

refs #23329.
2014-09-08 13:49:07 -04:00
Simon Charette 3cbb7590cb Fixed #23329 -- Allowed inherited and m2m fields to be referenced in the admin.
Thanks to Trac alias Markush2010 and ross for the detailed reports.
2014-08-27 21:26:53 -04:00
areski a81af7f49d Fixed #13749 -- Added link from admin site to front-end site.
Thanks romankrv for the suggestion.
2014-08-27 08:34:53 -04:00
Simon Charette 53ff096982 Prevented data leakage in contrib.admin via query string manipulation.
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
areski 3021453285 Fixed #20133 -- Added summary to admin deletion confirmation pages.
Thanks jonash for the suggestion and initial patch.
2014-08-14 13:56:23 -04:00
Tim Graham 9b1515906e Removed usage of deprecated switch_to_*() selenium methods. 2014-07-24 08:25:15 -04:00
Anssi Kääriäinen 9cd5201abd Fixed #22994 -- regression with generic FK + admin list_view
The reason for the regression was that the GenericForeignKey field isn't
something meta.get_field_by_name() should return. The reason is that a
couple of places in Django expects get_field_by_name() to work this way.
It could make sense to return GFKs from get_field_by_name(), but that
should likely be done as part of meta refactoring or virtual fields
refactoring patches.

Thanks to glicerinu@gmail.com for the report and to Tim for working on
the issue.
2014-07-14 10:50:41 -04:00
Claude Paroz 22b2fb0ba1 Fixed #22939 -- Delayed admin_static backend detection
Thanks generalov for the report.
2014-07-12 18:49:43 +02:00
Claude Paroz e167e96cfe Fixed #22223 -- Prevented over-escaping URLs in reverse()
And follow more closely the class of characters defined in the
RFC 3986.
Thanks Erik van Zijst for the report and the initial patch, and
Tim Graham for the review.
2014-07-09 09:54:34 +02:00
Tim Graham 89b9e6e5d6 Fixed #22909 -- Removed camelCasing in some tests.
Thanks brylie.
2014-07-07 19:08:42 -04:00
Riccardo Magliocchetti 68c9a72e29 Fixed #22894 -- Made admin add related/raw ID fields widgets customizable.
Decoupled behavior and style from the RelatedFieldWidgetWrapper and
ForeignKeyRawIdWidget.
2014-06-26 15:02:42 -04:00
Claude Paroz c6a711d9e5 Removed some apps from ALWAYS_INSTALLED_APPS 2014-06-21 21:01:37 +02:00
Maxime Turcotte 504c89e800 Fixed #6327 -- Added has_module_permission method to BaseModelAdmin
Thanks chrj for the suggestion.
2014-06-13 09:31:40 -04:00
Tim Graham 99f5ea9cc8 Fixed #22653 -- Added some database feature flags to tests.
Thanks Rahul Priyadarshi.
2014-06-11 11:45:18 -04:00
Tim Graham fea8ccdcc4 Removed unused import. 2014-06-09 18:41:35 -04:00
Aymeric Augustin 40bfd8561d Fixed #20420 -- Normalized query counts on Oracle.
This is achieved by inserting a fake entry in connection.queries when
not releasing a savepoint (since Oracle doesn't support that operation.)

Also removed the can_release_savepoints feature that was recently added,
but is superseded by this solution.
2014-06-09 21:38:10 +02:00
Nick Presta 11f0899bbe Fixed #11776 -- Added CSS class for non-field/top of form errors.
Thanks Daniel Pope for the suggestion.
2014-06-02 15:22:15 -04:00
Stas Rudakou ebd70d4d00 Fixed #22266 - quote PK before redirecting away from add_view (django.contrib.admin) 2014-05-16 18:33:17 +02:00
Claude Paroz e520a73eee Harmonized some PEP 0263 coding preambles 2014-05-15 19:58:41 +02:00
Aymeric Augustin c70a61eb49 Replaced vendor checks by three feature flags. 2014-05-08 22:11:15 +02:00
Alex Gaynor 2bcb8bfc8d Fix many many typos in comments throughout the codebase 2014-04-26 10:18:45 -07:00
Tim Graham d238c58912 Fixed #22499 -- Fixed a typo in an admin_views test that caused failure on Oracle. 2014-04-24 07:06:02 -04:00
Alejandro Gómez 7a7f6fccae Fixed #21084 -- Used proxy model's content type for admin log entries. 2014-04-07 08:52:41 -04:00
Anubhav Joshi cd914e31c9 Fixed #21977 -- Deprecated SimpleTestCase.urls 2014-04-06 17:33:43 -04:00
Loic Bistuer 4d996b8e69 Fixed #22360 -- Fixed two non-deterministic tests in Python 3.4.
The order of admin's changelist filters in the querystring relied on
dict ordering.
2014-03-31 08:19:43 -04:00
Loic Bistuer 4339e9a92d Fixed #21795 -- Made add_preserved_filters account for url prefixes.
Thanks to trac username honyczek for the report. Refs #6903.
2014-03-31 07:19:59 -04:00
Alex Gaynor 778ce245dd Corrected many style guide violations that the newest version of flake8 catches 2014-03-30 12:11:05 -07:00
Ben Davis 16afffffe8 Fixed #22087 -- Made AdminReadonlyField respect ModelForm Meta overrides. 2014-03-25 09:33:13 -04:00
Claude Paroz c94bff2b26 Fixed #22241 -- Selectively added line breaks in admin read-only fields
When content is supposed to contain HTML, we do not try to add
line breaks in read-only contents.
Thanks Alexander Todorov for the report.
2014-03-22 17:00:50 +01:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Greg Chapple 6acaa52386 Fixed #22135 -- Added ModelAdmin.get_changeform_initial_data().
Allows custom behavior for setting initial form data in ModelAdmin.
By default, initial data is set via GET params. The new method allows
this behavior to be overridden.

Thanks egasimus for the suggestion.
2014-03-03 07:28:24 -05:00
Russell Keith-Magee 3c5fc708f1 Edited contrib.admin check messages for grammar and consistency. 2014-03-03 13:27:17 +08:00
Klemens Mantzos f683cb90be Fixed #21924 -- Added the ability to specify a reverse order for admin_order_field.
Thanks Klemens Mantzos for the report and initial patch.
2014-02-14 19:53:44 -05:00
Christopher Adams eefc88feef Fixed #2445 -- Allowed limit_choices_to attribute to be a callable.
ForeignKey or ManyToManyField attribute ``limit_choices_to`` can now
be a callable that returns either a ``Q`` object or a dict.

Thanks michael at actrix.gen.nz for the original suggestion.
2014-02-11 14:05:12 -05:00
julien 'pouete' Godin f5123c7291 Fixed #21371 -- Added the block.super to admin bodyclass blocks.
Thanks Keryn Knight for the report.
2014-02-10 09:13:29 -05:00
Claude Paroz 343dfff133 Removed the this_is_the_login_form hack
Refs #21911. Now that we have a more traditional login form, we
don't need any more a special field telling us we are dealing with
the login form.
2014-02-04 20:02:28 +01:00
Claude Paroz be0ad62994 Fixed #21911 -- Made admin views redirect to login when needed
Historically, the Django admin used to pass through the request
from an unauthorized access to the login view directly. Now we
are using a proper redirection, which is also preventing
inadvertantly changing data when POSTing login data to an admin
view when user is already authorized.
Thanks Marc Tamlyn and Tim Graham for the reviews.
2014-02-04 20:02:28 +01:00
Claude Paroz 5848bea9dc Made staff_member_required redirect to login
Refs #21911.
2014-02-04 20:02:28 +01:00
Russell Keith-Magee d818e0c9b2 Fixed #16905 -- Added extensible checks (nee validation) framework
This is the result of Christopher Medrela's 2013 Summer of Code project.

Thanks also to Preston Holmes, Tim Graham, Anssi Kääriäinen, Florian
Apolloner, and Alex Gaynor for review notes along the way.

Also: Fixes #8579, fixes #3055, fixes #19844.
2014-01-20 10:45:21 +08:00
Aymeric Augustin e32095616c Imported override_settings from its new location. 2013-12-23 21:37:56 +01:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Claude Paroz c7c647419c Fixed #21510 -- Readded search reset link in changelist search bar
Thanks moritz.pfeiffer at alp-phone.ch for the report and
Tim Graham for the initial patch.
2013-12-11 15:30:20 +01:00
Jay Leadbetter c74504c2dd Fixed #20522 - Allowed use of partially validated object in ModelAdmin.add_view formset validation.
Updated ModelAdmin to use form.instance when passing parent model to
child inlines for add_view. There is effectively no change in the
change_view since the previously passed 'obj' is the same as form.instance.

Thanks to meshy for report, and EvilDMP and timo for review.
2013-11-25 20:01:16 -05:00
Baptiste Mispelon a739573e17 Fixed test breakage under python 3 introduced by a480f8320a. 2013-11-23 19:50:20 +01:00
Anssi Kääriäinen 752d3d70da Fixed #21431 -- GenRel->FK list_filter regression in admin
Report, analysis and tests from stephenmcd.
2013-11-21 14:52:00 +02:00
Loic Bistuer 8e670a0e50 Refs #8261 -- Fixed regression introduced by fd219fa.
ModelAdmin displayed the "View on site" link even if the Model didn't
define the `get_absolute_url()` method.
2013-11-21 16:26:49 +07:00
Jason Myers 7a61c68c50 PEP8 cleanup
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:50:49 -05:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Unai Zalakain fd219fa24c Fixed #8261 -- ModelAdmin hook for customising the "show on site" button
``ModelAdmin.view_on_site`` defines wether to show a link to the object on the
admin detail page. If ``True``, cleverness (i.e. ``Model.get_absolute_url``) is
used to get the url. If it's a callable, the callable is called with the object
as the only parameter. If ``False``, not link is displayed.

With the aim of maitaining backwards compatibility, ``True`` is the default.
2013-10-29 17:10:12 -04:00
Renato Oliveira 43569647ab Fixed #21299 - Changed filters from title to capfirst on admin inline formsets.
Previously there was a mixture of the two which resulted in inconsistent
casing.
2013-10-24 14:44:07 -04:00