#13743 closed (fixed)
CommentsAdmin blows up when 'delete_selected' action is disabled.
| Reported by: | daniellindsley | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.comments | Version: | 1.3-alpha |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In our admin, we disable the delete_selected action due to too many users shooting themselves in the foot. We also have non-superuser accounts that can access the admin.
The CommentsAdmin.get_actions method assumes various actions will be in the list, but the actions.pop statements will fail as a result.
Attached is a traceback and a patch.
Traceback:
File "/home/code.django-1.0/django/core/handlers/base.py" in get_response
100. response = callback(request, *callback_args, **callback_kwargs)
File "/home/code.django-1.0/django/contrib/admin/options.py" in wrapper
239. return self.admin_site.admin_view(view)(*args, **kwargs)
File "/home/code.django-1.0/django/utils/decorators.py" in _wrapped_view
76. response = view_func(request, *args, **kwargs)
File "/home/code.django-1.0/django/views/decorators/cache.py" in _wrapped_view_func
69. response = view_func(request, *args, **kwargs)
File "/home/code.django-1.0/django/contrib/admin/sites.py" in inner
190. return view(request, *args, **kwargs)
File "/home/code.django-1.0/django/utils/decorators.py" in _wrapper
21. return decorator(bound_func)(*args, **kwargs)
File "/home/code.django-1.0/django/utils/decorators.py" in _wrapped_view
76. response = view_func(request, *args, **kwargs)
File "/home/code.django-1.0/django/utils/decorators.py" in bound_func
17. return func(self, *args2, **kwargs2)
File "/home/code.django-1.0/django/contrib/admin/options.py" in changelist_view
955. actions = self.get_actions(request)
File "/home/code.django-1.0/django/contrib/comments/admin.py" in get_actions
32. actions.pop('delete_selected')
File "/home/code.django-1.0/django/utils/datastructures.py" in pop
123. result = super(SortedDict, self).pop(k, *args)
Exception Type: KeyError at /admin/comments/comment/
Exception Value: 'delete_selected'
Attachments (2)
Change History (11)
by , 14 years ago
| Attachment: | comments_admin.diff added |
|---|
comment:1 by , 14 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:2 by , 14 years ago
| Needs tests: | set |
|---|
comment:3 by , 14 years ago
I've been working on this and I can confirm the patch and test apply cleanly - they also solve the issue and I've tested it in an example project. I've not managed to figure out a automated test yet that works correctly - any suggestions would be welcome.
Currently I've tried the following in AdminActionsTests (regressiontests/comment_tests/tests/moderation_view_tests.py)
def testDisableDeleteSelected(self):
comments = self.createSomeComments()
makeModerator("normaluser")
self.client.login(username="normaluser", password="normaluser")
from django.contrib import admin
admin.site.disable_action('delete_selected')
response = self.client.get("/admin/comments/comment/")
self.assertEqual(response.status_code, 200)
I'm not that familiar with the disable_action but it doesn't seem to be having any effect when placed like this.
comment:4 by , 14 years ago
| Needs tests: | unset |
|---|---|
| Version: | 1.2 → 1.3-alpha |
Alright, got a patch that works against trunk that also includes tests.
comment:5 by , 14 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
This looks good to me and passes. Marking RFC.
comment:6 by , 14 years ago
| milestone: | → 1.3 |
|---|
comment:7 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Patch (without tests)