[1.1.X] Fixed #11191 - Admin throws 500 instead of 404 for PK of incorrect type

  
Thanks to mmachine for report and test, and Chris Beaven for the patch

Backport of r12011 from trunk



git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@12012 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 58bf653a26aae6ec466761c5d5933d1a5edfa641 1 parent f1fe7c0
Luke Plant authored
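--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -6,7 +6,7 @@
 from django.contrib.admin import widgets
 from django.contrib.admin import helpers
 from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_ngettext, model_format_dict
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import PermissionDenied, ValidationError
 from django.db import models, transaction
 from django.db.models.fields import BLANK_CHOICE_DASH
 from django.http import Http404, HttpResponse, HttpResponseRedirect
@@ -347,6 +347,20 @@ def get_form(self, request, obj=None, **kwargs):
         defaults.update(kwargs)
         return modelform_factory(self.model, **defaults)
 
+    def get_object(self, request, object_id):
+        """
+        Returns an instance matching the primary key provided. ``None``  is
+        returned if no match is found (or the object_id failed validation
+        against the primary key field).
+        """
+        queryset = self.queryset(request)
+        model = queryset.model
+        try:
+            object_id = model._meta.pk.to_python(object_id)
+            return queryset.get(pk=object_id)
+        except (model.DoesNotExist, ValidationError):
+            return None
+
     def get_changelist_form(self, request, **kwargs):
         """
         Returns a Form class for use in the Formset on the changelist page.
@@ -795,13 +809,7 @@ def change_view(self, request, object_id, extra_context=None):
         model = self.model
         opts = model._meta
 
-        try:
-            obj = self.queryset(request).get(pk=unquote(object_id))
-        except model.DoesNotExist:
-            # Don't raise Http404 just yet, because we haven't checked
-            # permissions yet. We don't want an unauthenticated user to be able
-            # to determine whether a given object exists.
-            obj = None
+        obj = self.get_object(request, unquote(object_id))
 
         if not self.has_change_permission(request, obj):
             raise PermissionDenied
@@ -996,13 +1004,7 @@ def delete_view(self, request, object_id, extra_context=None):
         opts = self.model._meta
         app_label = opts.app_label
 
-        try:
-            obj = self.queryset(request).get(pk=unquote(object_id))
-        except self.model.DoesNotExist:
-            # Don't raise Http404 just yet, because we haven't checked
-            # permissions yet. We don't want an unauthenticated user to be able
-            # to determine whether a given object exists.
-            obj = None
+        obj = self.get_object(request, unquote(object_id))
 
         if not self.has_delete_permission(request, obj):
             raise PermissionDenied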
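Review bot: The comments deleted from change_view and delete_view explained why a missing object becomes `None` rather than an immediate Http404 (the permission check has to run first, so that a user without access cannot learn whether an object exists), and the new get_object docstring does not carry that rationale over. Since get_object is now a method that subclasses can override, I would add to its docstring: `Do not raise Http404 here; callers check permissions first so that users without access cannot tell whether an object exists.` Separately, only ValidationError from `to_python` is handled; if a primary-key field's conversion raises something else, ValueError for instance, the request would presumably still end in a 500, which is worth confirming against the field types in use. Both view bodies continue outside their hunks.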
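--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -65,11 +65,20 @@ def testAddWithGETArgs(self):
 
     def testBasicEditGet(self):
         """
-        A smoke test to ensureGET on the change_view works.
+        A smoke test to ensure GET on the change_view works.
         """
         response = self.client.get('/test_admin/%s/admin_views/section/1/' % self.urlbit)
         self.failUnlessEqual(response.status_code, 200)
 
+    def testBasicEditGetStringPK(self):
+        """
+        A smoke test to ensure GET on the change_view works (returns an HTTP
+        404 error, see #11191) when passing a string as the PK argument for a
+        model with an integer PK field.
+        """
+        response = self.client.get('/test_admin/%s/admin_views/section/abc/' % self.urlbit)
+        self.failUnlessEqual(response.status_code, 404)
+
     def testBasicAddPost(self):
         """
         A smoke test to ensure POST on add_view works.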
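Review bot: Only change_view is exercised with a non-integer PK, although delete_view was switched to get_object in the same commit; a companion test that requests the matching delete URL with `abc` as the PK and ends in `self.failUnlessEqual(response.status_code, 404)` would cover it. The test also appears to run as a logged-in user with full access (the setup is outside this hunk), so nothing pins that a user without change permission gets the permission-denied response rather than a 404 for a malformed PK. The test class starts outside the hunk.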
