1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
from django.contrib.admin.utils import quote
from django.contrib.admin.views.main import IS_POPUP_VAR
from django.contrib.auth.models import User
from django.template.response import TemplateResponse
from django.test import TestCase, override_settings
from django.urls import reverse
from .models import Action, Car, Person
@override_settings(
ROOT_URLCONF="admin_custom_urls.urls",
)
class AdminCustomUrlsTest(TestCase):
"""
Remember that:
* The Action model has a CharField PK.
* The ModelAdmin for Action customizes the add_view URL, it's
'<app name>/<model name>/!add/'
"""
@classmethod
def setUpTestData(cls):
cls.superuser = User.objects.create_superuser(
username="super", password="secret", email="super@example.com"
)
Action.objects.create(name="delete", description="Remove things.")
Action.objects.create(name="rename", description="Gives things other names.")
Action.objects.create(name="add", description="Add things.")
Action.objects.create(
name="path/to/file/", description="An action with '/' in its name."
)
Action.objects.create(
name="path/to/html/document.html",
description="An action with a name similar to a HTML doc path.",
)
Action.objects.create(
name="javascript:alert('Hello world');\">Click here</a>",
description="An action with a name suspected of being a XSS attempt",
)
def setUp(self):
self.client.force_login(self.superuser)
def test_basic_add_GET(self):
"""
Ensure GET on the add_view works.
"""
add_url = reverse("admin_custom_urls:admin_custom_urls_action_add")
self.assertTrue(add_url.endswith("/!add/"))
response = self.client.get(add_url)
self.assertIsInstance(response, TemplateResponse)
self.assertEqual(response.status_code, 200)
def test_add_with_GET_args(self):
"""
Ensure GET on the add_view plus specifying a field value in the query
string works.
"""
response = self.client.get(
reverse("admin_custom_urls:admin_custom_urls_action_add"),
{"name": "My Action"},
)
self.assertContains(response, 'value="My Action"')
def test_basic_add_POST(self):
"""
Ensure POST on add_view works.
"""
post_data = {
IS_POPUP_VAR: "1",
"name": "Action added through a popup",
"description": "Description of added action",
}
response = self.client.post(
reverse("admin_custom_urls:admin_custom_urls_action_add"), post_data
)
self.assertContains(response, "Action added through a popup")
def test_admin_URLs_no_clash(self):
# Should get the change_view for model instance with PK 'add', not show
# the add_view
url = reverse(
"admin_custom_urls:%s_action_change" % Action._meta.app_label,
args=(quote("add"),),
)
response = self.client.get(url)
self.assertContains(response, "Change action")
# Should correctly get the change_view for the model instance with the
# funny-looking PK (the one with a 'path/to/html/document.html' value)
url = reverse(
"admin_custom_urls:%s_action_change" % Action._meta.app_label,
args=(quote("path/to/html/document.html"),),
)
response = self.client.get(url)
self.assertContains(response, "Change action")
self.assertContains(response, 'value="path/to/html/document.html"')
def test_post_save_add_redirect(self):
"""
ModelAdmin.response_post_save_add() controls the redirection after
the 'Save' button has been pressed when adding a new object.
"""
post_data = {"name": "John Doe"}
self.assertEqual(Person.objects.count(), 0)
response = self.client.post(
reverse("admin_custom_urls:admin_custom_urls_person_add"), post_data
)
persons = Person.objects.all()
self.assertEqual(len(persons), 1)
redirect_url = reverse(
"admin_custom_urls:admin_custom_urls_person_history", args=[persons[0].pk]
)
self.assertRedirects(response, redirect_url)
def test_post_save_change_redirect(self):
"""
ModelAdmin.response_post_save_change() controls the redirection after
the 'Save' button has been pressed when editing an existing object.
"""
Person.objects.create(name="John Doe")
self.assertEqual(Person.objects.count(), 1)
person = Person.objects.all()[0]
post_url = reverse(
"admin_custom_urls:admin_custom_urls_person_change", args=[person.pk]
)
response = self.client.post(post_url, {"name": "Jack Doe"})
self.assertRedirects(
response,
reverse(
"admin_custom_urls:admin_custom_urls_person_delete", args=[person.pk]
),
)
def test_post_url_continue(self):
"""
The ModelAdmin.response_add()'s parameter `post_url_continue` controls
the redirection after an object has been created.
"""
post_data = {"name": "SuperFast", "_continue": "1"}
self.assertEqual(Car.objects.count(), 0)
response = self.client.post(
reverse("admin_custom_urls:admin_custom_urls_car_add"), post_data
)
cars = Car.objects.all()
self.assertEqual(len(cars), 1)
self.assertRedirects(
response,
reverse(
"admin_custom_urls:admin_custom_urls_car_history", args=[cars[0].pk]
),
)
|
