
Ticket #16958: patch_1_admin_password_change_limited.diff

File patch_1_admin_password_change_limited.diff, 2.5 KB (added by mpaolini, 3 years ago)

patch with test

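--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -108,7 +108,7 @@
     def user_change_password(self, request, id):
         if not self.has_change_permission(request):
             raise PermissionDenied
-        user = get_object_or_404(self.model, pk=id)
+        user = get_object_or_404(self.queryset(request), pk=id)
         if request.method == 'POST':
             form = self.change_password_form(user, request.POST)
             if form.is_valid():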
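Review bot: The permission check at the top of `user_change_password` is still model-level, `self.has_change_permission(request)`, so a ModelAdmin that restricts access per object by overriding `has_change_permission(request, obj)` rather than `queryset()` is not honoured by this view. Now that the lookup is scoped, the check can move below it and take the object: `user = get_object_or_404(self.queryset(request), pk=id)` followed by `if not self.has_change_permission(request, user): raise PermissionDenied`. A short comment on the lookup line would also help, e.g. `# Scope the lookup to this admin's queryset so users hidden from it cannot have their password changed here.` The method body continues past the end of the hunk, so the rest of the POST handling is not visible here.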
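--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -2951,6 +2951,11 @@
             response = self.client.get('/test_admin/admin/auth/user/%s/' % u.pk)
             self.assertEqual(response.status_code, 200)
 
+    def test_user_password_change_limited_queryset(self):
+        su = User.objects.filter(is_superuser=True)[0]
+        response = self.client.get('/test_admin/admin2/auth/user/%s/password/' % su.pk)
+        self.assertEquals(response.status_code, 404)
+
 
 class GroupAdminTest(TestCase):
     """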
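Review bot: The new test only issues a GET, but the password is changed on the POST branch of `user_change_password`, so the case this patch guards against is not exercised end to end. Add a POST to the same URL and assert that it is rejected, e.g. `response = self.client.post(url, {'password1': 'x', 'password2': 'x'})` (placeholder values) with `self.assertEqual(response.status_code, 404)`, then re-fetch the superuser and compare the stored password hash with the value read before the request. `assertEquals` is a deprecated alias; the context line just above uses `assertEqual`. The test also presumes the client is already logged in with change permission on `admin2`; the enclosing class and its `setUp` are outside the hunk, so that should be confirmed.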
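--- a/tests/regressiontests/admin_views/customadmin.py
+++ b/tests/regressiontests/admin_views/customadmin.py
@@ -5,5 +5,7 @@
 from django.contrib import admin
 from django.http import HttpResponse
+import django.contrib.auth.models
+import django.contrib.auth.admin
 
 import models, forms, admin as base_admin
 
@@ -27,6 +28,12 @@
     def my_view(self, request):
         return HttpResponse("Django is a magical pony!")
 
+class UserLimitedAdmin(django.contrib.auth.admin.UserAdmin):
+    # used for testing password change on a user not in queryset
+    def queryset(self, request):
+        qs = super(UserLimitedAdmin, self).queryset(request)
+        return qs.filter(is_superuser=False)
+
 site = Admin2(name="admin2")
 
 site.register(models.Article, base_admin.ArticleAdmin)
@@ -34,3 +41,4 @@
 site.register(models.Thing, base_admin.ThingAdmin)
 site.register(models.Fabric, base_admin.FabricAdmin)
 site.register(models.ChapterXtra1, base_admin.ChapterXtra1Admin)
+site.register(django.contrib.auth.models.User, UserLimitedAdmin)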
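Review bot: `UserLimitedAdmin` has a one-line comment but no statement of the invariant the new test relies on; a docstring such as `"""UserAdmin whose queryset hides superusers; every admin2 user view, including password change, must 404 for them."""` would make the fixture self-explanatory. The hunk headers also look hand-edited: the first hunk adds two lines (`+5,7`), yet the following hunks start at `+28` and `+41`, which is what a single added line would give, so regenerating the patch would avoid depending on offset tolerance when it is applied. The fully qualified `import django.contrib.auth.models` and `import django.contrib.auth.admin` also differ from the `from django.contrib import admin` style used just above them.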