mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.

Browse source
This commit is contained in:
Tim Graham 2018-09-27 19:52:01 -04:00 committed by Carlton Gibson
parent bf39978a53
commit a7284cc0c3
3 changed files with 13 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tests/auth_tests/test_views.py
View file

@ -1221,6 +1221,7 @@ class ChangelistTests(AuthViewsTestCase):
u = User.objects.get(username='testclient')
u.is_superuser = False
u.save()
original_password = u.password
u.user_permissions.add(get_perm(User, 'view_user'))
response = self.client.get(reverse('auth_test_admin:auth_user_change', args=(u.pk,)),)
algo, salt, hash_string = (u.password.split('$'))
@ -1235,6 +1236,14 @@ class ChangelistTests(AuthViewsTestCase):
),
html=True,
)
# Value in POST data is ignored.
data = self.get_user_data(u)
data['password'] = 'shouldnotchange'
change_url = reverse('auth_test_admin:auth_user_change', args=(u.pk,))
response = self.client.post(change_url, data)
self.assertRedirects(response, reverse('auth_test_admin:auth_user_changelist'))
u.refresh_from_db()
self.assertEqual(u.password, original_password)
@override_settings(