Ticket #16958: patch_1_admin_password_change_limited.diff

File patch_1_admin_password_change_limited.diff, 2.5 KB (added by mpaolini, 4 years ago)

patch with test

  • django/contrib/auth/admin.py

     
    108108    def user_change_password(self, request, id):
    109109        if not self.has_change_permission(request):
    110110            raise PermissionDenied
    111         user = get_object_or_404(self.model, pk=id)
     111        user = get_object_or_404(self.queryset(request), pk=id)
    112112        if request.method == 'POST':
    113113            form = self.change_password_form(user, request.POST)
    114114            if form.is_valid():
  • tests/regressiontests/admin_views/tests.py

     
    29512951            response = self.client.get('/test_admin/admin/auth/user/%s/' % u.pk)
    29522952            self.assertEqual(response.status_code, 200)
    29532953
     2954    def test_user_password_change_limited_queryset(self):
     2955        su = User.objects.filter(is_superuser=True)[0]
     2956        response = self.client.get('/test_admin/admin2/auth/user/%s/password/' % su.pk)
     2957        self.assertEquals(response.status_code, 404)
     2958
    29542959
    29552960class GroupAdminTest(TestCase):
    29562961    """
  • tests/regressiontests/admin_views/customadmin.py

     
    55from django.contrib import admin
    66from django.http import HttpResponse
     7import django.contrib.auth.models
     8import django.contrib.auth.admin
    79
    810import models, forms, admin as base_admin
    911
     
    2728    def my_view(self, request):
    2829        return HttpResponse("Django is a magical pony!")
    2930
     31class UserLimitedAdmin(django.contrib.auth.admin.UserAdmin):
     32    # used for testing password change on a user not in queryset
     33    def queryset(self, request):
     34        qs = super(UserLimitedAdmin, self).queryset(request)
     35        return qs.filter(is_superuser=False)
     36
    3037site = Admin2(name="admin2")
    3138
    3239site.register(models.Article, base_admin.ArticleAdmin)
     
    3441site.register(models.Thing, base_admin.ThingAdmin)
    3542site.register(models.Fabric, base_admin.FabricAdmin)
    3643site.register(models.ChapterXtra1, base_admin.ChapterXtra1Admin)
     44site.register(django.contrib.auth.models.User, UserLimitedAdmin)
Back to Top