Commit Graph

122 Commits

Author SHA1 Message Date
Ramiro Morales bd3b5e8c2b Fixed #15517 -- Fixed regression in admin search_fields option introduced in r15526. Thanks Fabian Buechler for the report and fix and Julien Phalip for adding tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15677 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-01 02:04:35 +00:00
Russell Keith-Magee b5b5ba6cd9 Fixed #10918 -- Ensure that the search widget on a raw_id_admin uses the right field name when the ForeignKey has a to_field definition. Thanks to David Cramer for the report, Collin Anderson for the fix, and Julien Phalip for the test.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15657 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-26 12:44:25 +00:00
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
Ramiro Morales 4b13e76deb Fixed #14012 (again) -- Admin app: Don't show the full user edition view after adding a user in a FK popup. Thanks dburke for reporting this regression introduced in r14628.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15637 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 01:00:57 +00:00
Ramiro Morales 52fc61e0cf Fixed #14529 -- Fixed representation of model names in admin messages after model object changes when the ModelAdmin queryset() uses defer() or only(). Thanks rlaager for report and initial patch, to rasca an julien for help in tracking the problem.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-20 23:09:25 +00:00
Russell Keith-Magee 75a1aaa1f9 Fixed #11513 -- Ensure that the redirect at the end of an object change won't redirect to a page for which the user doesn't have permission. Thanks to rlaager for the report and draft patch, and to Julien Phalip for the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15584 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 14:05:07 +00:00
Russell Keith-Magee fe3c9ad551 Fixed #14355 -- Ensure that help_text is displayed for readonly fields in the admin. Thanks to jester for the report, and to alexbmeng, subsume, wamberg and Julien Phalip for ther work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15582 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 12:55:09 +00:00
Russell Keith-Magee 791ecb4be4 Fixed #13126 -- Ensured that individual form errors are displayed when errors occur on a list-editable changelist. Thanks to slafs for the report, and to Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15580 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-19 11:48:42 +00:00
Ramiro Morales d5042109b8 Corrected small error when preserving an I18N-related setting value in an admin views test setup.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15550 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-16 03:30:27 +00:00
Russell Keith-Magee c2666c9a45 Ensure that L10N formats aren't cached between tests.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15461 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-09 00:09:54 +00:00
Russell Keith-Magee 4e7c2ba1d7 Cleaned up the tests from r15451 to avoid the need to retrieve a URL twice.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15453 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 12:20:18 +00:00
Russell Keith-Magee 74ffca17e2 Fixed #10573 -- Corrected autofocus problem in admin when the first widget displayed is a multiwidget. Thanks to rduffield for the report, and to Ramiro and Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15452 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 12:00:21 +00:00
Russell Keith-Magee a105ca5d7a Fixed #15234 -- Ensure that years in a date heirarchy don't use commas for thousand separators, regardless of the value of USE_THOUSAND_SEPARATOR. Thanks to Julien Phalip for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15451 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-08 12:00:01 +00:00
Russell Keith-Magee 5582ad149c Fixed #14895 -- Ensure that USE_THOUSAND_SEPARATOR doesn't break the delete confirmation page. Thanks to Tuttle for the report, and Julien Phalip for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15435 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-06 06:16:03 +00:00
Russell Keith-Magee d44fb0557a Fixed #14824 -- Corrected the handling of formats when USE_L10N is disabled. Thanks to nullie for the report and initial patch, and to idle for the separate report with helpful debug info.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15404 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-04 13:52:36 +00:00
Luke Plant 655d5afea9 Fixed #14880 - raw_id_fields in admin does not work when limit_choices_to dictionary has value=False
Thanks to smallming for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15348 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-28 14:08:42 +00:00
Luke Plant c24bdf044b Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report.

This patch also fixes some unicode bugs in affected code.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-28 14:08:25 +00:00
Carl Meyer 53dac996ef Poured a little more perfectionism into the delete-confirmation templates.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-20 01:00:47 +00:00
Carl Meyer 93a4d46184 Fixed #14672 - Added admin handling for on_delete=PROTECT. Thanks to jtiai for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15249 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-20 00:33:32 +00:00
Ramiro Morales 1c56af676d Added tests demonstrating that filtering lookup expression that involve model with inheritance schemes aren't incorrectly blacklisted by the r15031 security fix. Refs. #15032.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15178 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-12 23:30:47 +00:00
Russell Keith-Magee 6bd8c14be9 Fixed #14999 -- Ensure that filters on local fields are allowed, and aren't caught as a security problem. Thanks to medhat for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15139 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-03 13:56:31 +00:00
Ramiro Morales 0f783b7f4e Fixed #2986 -- Made the JavaScript code that drives related model instance addition in a popup window handle a model representation containing new lines. Also, moved the escapejs functionality yoo django.utils.html so it can be used from Python code. Thanks andrewwatts for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15131 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 17:34:52 +00:00
Jannis Leidel 7a89d3d503 Fixed #11700 -- Stopped admin actions and list_editable fields to show up in popups. Thanks to Simon Meers for the initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15129 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-01-02 01:32:40 +00:00
Alex Gaynor 732198ed5c Fix a security issue in the admin. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15031 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-23 03:44:38 +00:00
Jannis Leidel 2c2209b473 Fixed #13607 -- Auto-initialize admin's date hierarchy links intelligently. Thanks, Simon Meers.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14879 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-12 22:54:50 +00:00
Alex Gaynor 5bc0ec4ec4 Removed all usages of deprecated TestCase methods (self.fail*). This removed most of the Warnings emitted (with -Wall) during the test suite.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14803 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-04 07:28:12 +00:00
Jannis Leidel cc64fb5c4b Fixed #8342 -- Removed code from the admin that assumed that you can't login with an email address (nixed by r12634). Also refactored login code slightly to be DRY by using more of auth app's forms and views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14769 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-12-02 00:44:35 +00:00
Honza Král dc334a2ba8 Fixed #3400 -- Support for lookup separator with list_filter admin option. Thanks to DrMeers and vitek_pliska for the patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14674 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-21 19:29:15 +00:00
Alex Gaynor 274aba3b9b Fixed #11108 -- added ModelAdmin.delete_model, a hook with which to perform custom pre-post delete behavior. Thanks to Florian Apolloner for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14673 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-21 19:00:40 +00:00
Ramiro Morales 0e26f58dae Corrected change in behavior regarding the page shown after the 'Save' button is pressed when adding a user through the admin.
It had been introduced in trunk (r13503) and between 1.2.1 and 1.2.2 (r13504). The original fix intended to correct a similar problem introduced between 1.1 and 1.2 (r12218) this time in the 'Save and add another' button.
We have now tests for the three buttons present in the Add User admin form to avoid future regressions.
Thanks to Juan Pedro Fisanotti and Cesar H. Roldan for their work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-11-19 22:45:51 +00:00
Russell Keith-Magee 121d2e3678 Fixed #12991 -- Added unittest2 support. Thanks to PaulM for the draft patch, and to Luke, Karen, Justin, Alex, Łukasz Rekucki, and Chuck Harmston for their help testing and reviewing the final patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14139 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-11 12:55:17 +00:00
Ramiro Morales d084439c41 Fixed #12650 -- Don't generate invalid XHTML in the admin, databrowse apps when
the i18n context processor is active. Thanks to Rob Hudson for the report and
fix suggestion.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14104 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-10 01:57:56 +00:00
Karen Tracey 506d559876 Adjust AdminDocTests to run after r13728. Also match comments to tests and add test that was there in comment form only.Refs #3695.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13737 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-11 00:02:33 +00:00
Malcolm Tredinnick 30610719d5 Adding related objects in the admin (via popup) respects user
permissions. Patch from SmileyChris. Fixed #1035.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13708 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-10 16:56:36 +00:00
Luke Plant ef4b29a001 Fixed #13081 - Admin actions lose get-parameters in changelist view
Thanks to joh for report and to SmileyChris for patch.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@13696 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-09-07 20:55:53 +00:00
Russell Keith-Magee a352154e42 Fixed #14123 -- Made AdminDocs tests optional, based on the availability of docutils. Thanks to PaulM for the original report, and Łukasz Rekucki for narrowing down the cause.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-19 13:11:24 +00:00
Russell Keith-Magee 7e52bb2bc3 Fixed #13796 -- Ensure that builtin tags and filters are included in admin documentation views.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13588 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-14 13:41:56 +00:00
Russell Keith-Magee cefee67b7d Fixed #14014 -- Ensure that the "save and add another" button for users actually does what it says. Thanks to Ramiro for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13503 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-06 16:08:40 +00:00
Russell Keith-Magee 2ab3b52d2a Fixed #14012 -- Corrected the handling of the create user popup dialog in the admin. Thanks to gk@lka.hu for the report, and Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13501 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-08-06 14:58:05 +00:00
Russell Keith-Magee 21e84194b5 Fixed #13514 -- Corrected the process of loading multiple javascript translation catalogs. Thanks to jtiai for the report, to Ramiro Morales for working out the test case, and to Ramiro and Jannis for their help on the fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13250 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-13 13:29:31 +00:00
Jannis Leidel cce32a9b09 Fixed #13166 - Added JavaScript warnings to admin changelist to help against ambiguity between action and list_editable form submission. Thanks to blinkylights and aaugustin for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13072 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-02 23:02:16 +00:00
Jannis Leidel 43bf086783 Fixed #13388 - Refined changes made in r12384 in the JavaScript i18n admin view.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-05-02 19:46:31 +00:00
Jannis Leidel c3dbe9d509 Fixed #13361 - Made sure jQuery is always included in the admin changelist and changeform. Thanks to Carl Meyer for report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12997 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-19 10:16:25 +00:00
Jannis Leidel 31f7ff1518 Fixed #12903 - Made translating the admin action selection text easier. Thanks to Ramiro Morales for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12968 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-13 10:29:19 +00:00
Russell Keith-Magee faceca7075 Fixed #13301 -- Corrected problem with capitalization of changelist row headers in admin. Thanks to emyller for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12947 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-11 08:35:04 +00:00
Russell Keith-Magee f4c76fb604 Fixed #13298 -- Modified test assertion to ensure that javascript variables aren't mistakenly identified as <input> HTML tags. Thanks to mk for the report and fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12946 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-11 06:58:33 +00:00
Russell Keith-Magee 90d112785b Fixed #13038 -- Ensured that readonly fields in the admin have their name added as a CSS class. Thanks to andybak for the report, and javimansilla, fisadev and fgallina for their work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12922 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-05 15:37:43 +00:00
Russell Keith-Magee c421a4fd92 Fixed #11949 -- Added a hook to allow ModelAdmin customization of the delete selected template. Thanks to bendavis78 for the report and patch, and Ramiro Morales for his cleanup work.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12916 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-04-05 12:02:27 +00:00
Karen Tracey f88c2f16e8 Fixed #13004: Ensure the add page for a model with a ManyToManyField specified
in readonly_fields does not raise an exception. Thanks hejsan, mlavin, copelco.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@12827 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-21 14:23:25 +00:00
Karen Tracey 4528f39886 Fixed #12962: Made admin delete action work again. Thanks ptone, skevy, mlavin and anyone else I've missed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12813 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-20 14:53:17 +00:00