Ticket #11191: 11191.4.diff

File 11191.4.diff, 3.8 KB (added by SmileyChris, 6 years ago)
  • django/contrib/admin/options.py

     
    66from django.contrib.admin import widgets
    77from django.contrib.admin import helpers
    88from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict
    9 from django.core.exceptions import PermissionDenied
     9from django.core.exceptions import PermissionDenied, ValidationError
    1010from django.db import models, transaction
    1111from django.db.models.fields import BLANK_CHOICE_DASH
    1212from django.http import Http404, HttpResponse, HttpResponseRedirect
     
    347347        defaults.update(kwargs)
    348348        return modelform_factory(self.model, **defaults)
    349349
     350    def get_object(self, request, object_id):
     351        """
     352        Returns an instance matching the primary key provided. ``None``  is
     353        returned if no match is found (or the object_id failed validation
     354        against the primary key field).
     355        """
     356        queryset = self.queryset(request)
     357        model = queryset.model
     358        try:
     359            object_id = model._meta.pk.to_python(object_id)
     360            return queryset.get(pk=object_id)
     361        except (model.DoesNotExist, ValidationError):
     362            return None
     363
    350364    def get_changelist_form(self, request, **kwargs):
    351365        """
    352366        Returns a Form class for use in the Formset on the changelist page.
     
    788802        model = self.model
    789803        opts = model._meta
    790804
    791         try:
    792             obj = self.queryset(request).get(pk=unquote(object_id))
    793         except model.DoesNotExist:
    794             # Don't raise Http404 just yet, because we haven't checked
    795             # permissions yet. We don't want an unauthenticated user to be able
    796             # to determine whether a given object exists.
    797             obj = None
     805        obj = self.get_object(request, unquote(object_id))
    798806
    799807        if not self.has_change_permission(request, obj):
    800808            raise PermissionDenied
     
    988996        opts = self.model._meta
    989997        app_label = opts.app_label
    990998
    991         try:
    992             obj = self.queryset(request).get(pk=unquote(object_id))
    993         except self.model.DoesNotExist:
    994             # Don't raise Http404 just yet, because we haven't checked
    995             # permissions yet. We don't want an unauthenticated user to be able
    996             # to determine whether a given object exists.
    997             obj = None
     999        obj = self.get_object(request, unquote(object_id))
    9981000
    9991001        if not self.has_delete_permission(request, obj):
    10001002            raise PermissionDenied
  • tests/regressiontests/admin_views/tests.py

     
    6363
    6464    def testBasicEditGet(self):
    6565        """
    66         A smoke test to ensureGET on the change_view works.
     66        A smoke test to ensure GET on the change_view works.
    6767        """
    6868        response = self.client.get('/test_admin/%s/admin_views/section/1/' % self.urlbit)
    6969        self.failUnlessEqual(response.status_code, 200)
    7070
     71    def testBasicEditGetStringPK(self):
     72        """
     73        A smoke test to ensure GET on the change_view works (returns an HTTP
     74        404 error, see #11191) when passing a string as the PK argument for a
     75        model with an integer PK field.
     76        """
     77        response = self.client.get('/test_admin/%s/admin_views/section/abc/' % self.urlbit)
     78        self.failUnlessEqual(response.status_code, 404)
     79
    7180    def testBasicAddPost(self):
    7281        """
    7382        A smoke test to ensure POST on add_view works.
Back to Top