1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182 |
- import copy
- import json
- import operator
- import re
- from collections import OrderedDict
- from functools import partial, reduce, update_wrapper
- from urllib.parse import quote as urlquote
-
- from django import forms
- from django.conf import settings
- from django.contrib import messages
- from django.contrib.admin import helpers, widgets
- from django.contrib.admin.checks import (
- BaseModelAdminChecks, InlineModelAdminChecks, ModelAdminChecks,
- )
- from django.contrib.admin.exceptions import DisallowedModelAdminToField
- from django.contrib.admin.templatetags.admin_urls import add_preserved_filters
- from django.contrib.admin.utils import (
- NestedObjects, construct_change_message, flatten_fieldsets,
- get_deleted_objects, lookup_needs_distinct, model_format_dict,
- model_ngettext, quote, unquote,
- )
- from django.contrib.admin.views.autocomplete import AutocompleteJsonView
- from django.contrib.admin.widgets import (
- AutocompleteSelect, AutocompleteSelectMultiple,
- )
- from django.contrib.auth import get_permission_codename
- from django.core.exceptions import (
- FieldDoesNotExist, FieldError, PermissionDenied, ValidationError,
- )
- from django.core.paginator import Paginator
- from django.db import models, router, transaction
- from django.db.models.constants import LOOKUP_SEP
- from django.db.models.fields import BLANK_CHOICE_DASH
- from django.forms.formsets import DELETION_FIELD_NAME, all_valid
- from django.forms.models import (
- BaseInlineFormSet, inlineformset_factory, modelform_defines_fields,
- modelform_factory, modelformset_factory,
- )
- from django.forms.widgets import CheckboxSelectMultiple, SelectMultiple
- from django.http import HttpResponseRedirect
- from django.http.response import HttpResponseBase
- from django.template.response import SimpleTemplateResponse, TemplateResponse
- from django.urls import reverse
- from django.utils.decorators import method_decorator
- from django.utils.html import format_html
- from django.utils.http import urlencode
- from django.utils.inspect import get_func_args
- from django.utils.safestring import mark_safe
- from django.utils.text import capfirst, format_lazy, get_text_list
- from django.utils.translation import gettext as _, ngettext
- from django.views.decorators.csrf import csrf_protect
- from django.views.generic import RedirectView
-
- IS_POPUP_VAR = '_popup'
- TO_FIELD_VAR = '_to_field'
-
-
- HORIZONTAL, VERTICAL = 1, 2
-
-
- def get_content_type_for_model(obj):
- # Since this module gets imported in the application's root package,
- # it cannot import models from other applications at the module level.
- from django.contrib.contenttypes.models import ContentType
- return ContentType.objects.get_for_model(obj, for_concrete_model=False)
-
-
- def get_ul_class(radio_style):
- return 'radiolist' if radio_style == VERTICAL else 'radiolist inline'
-
-
- class IncorrectLookupParameters(Exception):
- pass
-
-
- # Defaults for formfield_overrides. ModelAdmin subclasses can change this
- # by adding to ModelAdmin.formfield_overrides.
-
- FORMFIELD_FOR_DBFIELD_DEFAULTS = {
- models.DateTimeField: {
- 'form_class': forms.SplitDateTimeField,
- 'widget': widgets.AdminSplitDateTime
- },
- models.DateField: {'widget': widgets.AdminDateWidget},
- models.TimeField: {'widget': widgets.AdminTimeWidget},
- models.TextField: {'widget': widgets.AdminTextareaWidget},
- models.URLField: {'widget': widgets.AdminURLFieldWidget},
- models.IntegerField: {'widget': widgets.AdminIntegerFieldWidget},
- models.BigIntegerField: {'widget': widgets.AdminBigIntegerFieldWidget},
- models.CharField: {'widget': widgets.AdminTextInputWidget},
- models.ImageField: {'widget': widgets.AdminFileWidget},
- models.FileField: {'widget': widgets.AdminFileWidget},
- models.EmailField: {'widget': widgets.AdminEmailInputWidget},
- models.UUIDField: {'widget': widgets.AdminUUIDInputWidget},
- }
-
- csrf_protect_m = method_decorator(csrf_protect)
-
-
- class BaseModelAdmin(metaclass=forms.MediaDefiningClass):
- """Functionality common to both ModelAdmin and InlineAdmin."""
-
- autocomplete_fields = ()
- raw_id_fields = ()
- fields = None
- exclude = None
- fieldsets = None
- form = forms.ModelForm
- filter_vertical = ()
- filter_horizontal = ()
- radio_fields = {}
- prepopulated_fields = {}
- formfield_overrides = {}
- readonly_fields = ()
- ordering = None
- sortable_by = None
- view_on_site = True
- show_full_result_count = True
- checks_class = BaseModelAdminChecks
-
- def check(self, **kwargs):
- return self.checks_class().check(self, **kwargs)
-
- def __init__(self):
- # Merge FORMFIELD_FOR_DBFIELD_DEFAULTS with the formfield_overrides
- # rather than simply overwriting.
- overrides = copy.deepcopy(FORMFIELD_FOR_DBFIELD_DEFAULTS)
- for k, v in self.formfield_overrides.items():
- overrides.setdefault(k, {}).update(v)
- self.formfield_overrides = overrides
-
- def formfield_for_dbfield(self, db_field, request, **kwargs):
- """
- Hook for specifying the form Field instance for a given database Field
- instance.
-
- If kwargs are given, they're passed to the form Field's constructor.
- """
- # If the field specifies choices, we don't need to look for special
- # admin widgets - we just need to use a select widget of some kind.
- if db_field.choices:
- return self.formfield_for_choice_field(db_field, request, **kwargs)
-
- # ForeignKey or ManyToManyFields
- if isinstance(db_field, (models.ForeignKey, models.ManyToManyField)):
- # Combine the field kwargs with any options for formfield_overrides.
- # Make sure the passed in **kwargs override anything in
- # formfield_overrides because **kwargs is more specific, and should
- # always win.
- if db_field.__class__ in self.formfield_overrides:
- kwargs = {**self.formfield_overrides[db_field.__class__], **kwargs}
-
- # Get the correct formfield.
- if isinstance(db_field, models.ForeignKey):
- formfield = self.formfield_for_foreignkey(db_field, request, **kwargs)
- elif isinstance(db_field, models.ManyToManyField):
- formfield = self.formfield_for_manytomany(db_field, request, **kwargs)
-
- # For non-raw_id fields, wrap the widget with a wrapper that adds
- # extra HTML -- the "add other" interface -- to the end of the
- # rendered output. formfield can be None if it came from a
- # OneToOneField with parent_link=True or a M2M intermediary.
- if formfield and db_field.name not in self.raw_id_fields:
- related_modeladmin = self.admin_site._registry.get(db_field.remote_field.model)
- wrapper_kwargs = {}
- if related_modeladmin:
- wrapper_kwargs.update(
- can_add_related=related_modeladmin.has_add_permission(request),
- can_change_related=related_modeladmin.has_change_permission(request),
- can_delete_related=related_modeladmin.has_delete_permission(request),
- can_view_related=related_modeladmin.has_view_permission(request),
- )
- formfield.widget = widgets.RelatedFieldWidgetWrapper(
- formfield.widget, db_field.remote_field, self.admin_site, **wrapper_kwargs
- )
-
- return formfield
-
- # If we've got overrides for the formfield defined, use 'em. **kwargs
- # passed to formfield_for_dbfield override the defaults.
- for klass in db_field.__class__.mro():
- if klass in self.formfield_overrides:
- kwargs = {**copy.deepcopy(self.formfield_overrides[klass]), **kwargs}
- return db_field.formfield(**kwargs)
-
- # For any other type of field, just call its formfield() method.
- return db_field.formfield(**kwargs)
-
- def formfield_for_choice_field(self, db_field, request, **kwargs):
- """
- Get a form Field for a database Field that has declared choices.
- """
- # If the field is named as a radio_field, use a RadioSelect
- if db_field.name in self.radio_fields:
- # Avoid stomping on custom widget/choices arguments.
- if 'widget' not in kwargs:
- kwargs['widget'] = widgets.AdminRadioSelect(attrs={
- 'class': get_ul_class(self.radio_fields[db_field.name]),
- })
- if 'choices' not in kwargs:
- kwargs['choices'] = db_field.get_choices(
- include_blank=db_field.blank,
- blank_choice=[('', _('None'))]
- )
- return db_field.formfield(**kwargs)
-
- def get_field_queryset(self, db, db_field, request):
- """
- If the ModelAdmin specifies ordering, the queryset should respect that
- ordering. Otherwise don't specify the queryset, let the field decide
- (return None in that case).
- """
- related_admin = self.admin_site._registry.get(db_field.remote_field.model)
- if related_admin is not None:
- ordering = related_admin.get_ordering(request)
- if ordering is not None and ordering != ():
- return db_field.remote_field.model._default_manager.using(db).order_by(*ordering)
- return None
-
- def formfield_for_foreignkey(self, db_field, request, **kwargs):
- """
- Get a form Field for a ForeignKey.
- """
- db = kwargs.get('using')
-
- if 'widget' not in kwargs:
- if db_field.name in self.get_autocomplete_fields(request):
- kwargs['widget'] = AutocompleteSelect(db_field.remote_field, self.admin_site, using=db)
- elif db_field.name in self.raw_id_fields:
- kwargs['widget'] = widgets.ForeignKeyRawIdWidget(db_field.remote_field, self.admin_site, using=db)
- elif db_field.name in self.radio_fields:
- kwargs['widget'] = widgets.AdminRadioSelect(attrs={
- 'class': get_ul_class(self.radio_fields[db_field.name]),
- })
- kwargs['empty_label'] = _('None') if db_field.blank else None
-
- if 'queryset' not in kwargs:
- queryset = self.get_field_queryset(db, db_field, request)
- if queryset is not None:
- kwargs['queryset'] = queryset
-
- return db_field.formfield(**kwargs)
-
- def formfield_for_manytomany(self, db_field, request, **kwargs):
- """
- Get a form Field for a ManyToManyField.
- """
- # If it uses an intermediary model that isn't auto created, don't show
- # a field in admin.
- if not db_field.remote_field.through._meta.auto_created:
- return None
- db = kwargs.get('using')
-
- autocomplete_fields = self.get_autocomplete_fields(request)
- if db_field.name in autocomplete_fields:
- kwargs['widget'] = AutocompleteSelectMultiple(db_field.remote_field, self.admin_site, using=db)
- elif db_field.name in self.raw_id_fields:
- kwargs['widget'] = widgets.ManyToManyRawIdWidget(db_field.remote_field, self.admin_site, using=db)
- elif db_field.name in [*self.filter_vertical, *self.filter_horizontal]:
- kwargs['widget'] = widgets.FilteredSelectMultiple(
- db_field.verbose_name,
- db_field.name in self.filter_vertical
- )
-
- if 'queryset' not in kwargs:
- queryset = self.get_field_queryset(db, db_field, request)
- if queryset is not None:
- kwargs['queryset'] = queryset
-
- form_field = db_field.formfield(**kwargs)
- if (isinstance(form_field.widget, SelectMultiple) and
- not isinstance(form_field.widget, (CheckboxSelectMultiple, AutocompleteSelectMultiple))):
- msg = _('Hold down "Control", or "Command" on a Mac, to select more than one.')
- help_text = form_field.help_text
- form_field.help_text = format_lazy('{} {}', help_text, msg) if help_text else msg
- return form_field
-
- def get_autocomplete_fields(self, request):
- """
- Return a list of ForeignKey and/or ManyToMany fields which should use
- an autocomplete widget.
- """
- return self.autocomplete_fields
-
- def get_view_on_site_url(self, obj=None):
- if obj is None or not self.view_on_site:
- return None
-
- if callable(self.view_on_site):
- return self.view_on_site(obj)
- elif self.view_on_site and hasattr(obj, 'get_absolute_url'):
- # use the ContentType lookup if view_on_site is True
- return reverse('admin:view_on_site', kwargs={
- 'content_type_id': get_content_type_for_model(obj).pk,
- 'object_id': obj.pk
- })
-
- def get_empty_value_display(self):
- """
- Return the empty_value_display set on ModelAdmin or AdminSite.
- """
- try:
- return mark_safe(self.empty_value_display)
- except AttributeError:
- return mark_safe(self.admin_site.empty_value_display)
-
- def get_exclude(self, request, obj=None):
- """
- Hook for specifying exclude.
- """
- return self.exclude
-
- def get_fields(self, request, obj=None):
- """
- Hook for specifying fields.
- """
- if self.fields:
- return self.fields
- # _get_form_for_get_fields() is implemented in subclasses.
- form = self._get_form_for_get_fields(request, obj)
- return [*form.base_fields, *self.get_readonly_fields(request, obj)]
-
- def get_fieldsets(self, request, obj=None):
- """
- Hook for specifying fieldsets.
- """
- if self.fieldsets:
- return self.fieldsets
- return [(None, {'fields': self.get_fields(request, obj)})]
-
- def get_ordering(self, request):
- """
- Hook for specifying field ordering.
- """
- return self.ordering or () # otherwise we might try to *None, which is bad ;)
-
- def get_readonly_fields(self, request, obj=None):
- """
- Hook for specifying custom readonly fields.
- """
- return self.readonly_fields
-
- def get_prepopulated_fields(self, request, obj=None):
- """
- Hook for specifying custom prepopulated fields.
- """
- return self.prepopulated_fields
-
- def get_queryset(self, request):
- """
- Return a QuerySet of all model instances that can be edited by the
- admin site. This is used by changelist_view.
- """
- qs = self.model._default_manager.get_queryset()
- # TODO: this should be handled by some parameter to the ChangeList.
- ordering = self.get_ordering(request)
- if ordering:
- qs = qs.order_by(*ordering)
- return qs
-
- def get_sortable_by(self, request):
- """Hook for specifying which fields can be sorted in the changelist."""
- return self.sortable_by if self.sortable_by is not None else self.get_list_display(request)
-
- def lookup_allowed(self, lookup, value):
- from django.contrib.admin.filters import SimpleListFilter
-
- model = self.model
- # Check FKey lookups that are allowed, so that popups produced by
- # ForeignKeyRawIdWidget, on the basis of ForeignKey.limit_choices_to,
- # are allowed to work.
- for fk_lookup in model._meta.related_fkey_lookups:
- # As ``limit_choices_to`` can be a callable, invoke it here.
- if callable(fk_lookup):
- fk_lookup = fk_lookup()
- if (lookup, value) in widgets.url_params_from_lookup_dict(fk_lookup).items():
- return True
-
- relation_parts = []
- prev_field = None
- for part in lookup.split(LOOKUP_SEP):
- try:
- field = model._meta.get_field(part)
- except FieldDoesNotExist:
- # Lookups on nonexistent fields are ok, since they're ignored
- # later.
- break
- # It is allowed to filter on values that would be found from local
- # model anyways. For example, if you filter on employee__department__id,
- # then the id value would be found already from employee__department_id.
- if not prev_field or (prev_field.is_relation and
- field not in prev_field.get_path_info()[-1].target_fields):
- relation_parts.append(part)
- if not getattr(field, 'get_path_info', None):
- # This is not a relational field, so further parts
- # must be transforms.
- break
- prev_field = field
- model = field.get_path_info()[-1].to_opts.model
-
- if len(relation_parts) <= 1:
- # Either a local field filter, or no fields at all.
- return True
- valid_lookups = {self.date_hierarchy}
- for filter_item in self.list_filter:
- if isinstance(filter_item, type) and issubclass(filter_item, SimpleListFilter):
- valid_lookups.add(filter_item.parameter_name)
- elif isinstance(filter_item, (list, tuple)):
- valid_lookups.add(filter_item[0])
- else:
- valid_lookups.add(filter_item)
-
- # Is it a valid relational lookup?
- return not {
- LOOKUP_SEP.join(relation_parts),
- LOOKUP_SEP.join(relation_parts + [part])
- }.isdisjoint(valid_lookups)
-
- def to_field_allowed(self, request, to_field):
- """
- Return True if the model associated with this admin should be
- allowed to be referenced by the specified field.
- """
- opts = self.model._meta
-
- try:
- field = opts.get_field(to_field)
- except FieldDoesNotExist:
- return False
-
- # Always allow referencing the primary key since it's already possible
- # to get this information from the change view URL.
- if field.primary_key:
- return True
-
- # Allow reverse relationships to models defining m2m fields if they
- # target the specified field.
- for many_to_many in opts.many_to_many:
- if many_to_many.m2m_target_field_name() == to_field:
- return True
-
- # Make sure at least one of the models registered for this site
- # references this field through a FK or a M2M relationship.
- registered_models = set()
- for model, admin in self.admin_site._registry.items():
- registered_models.add(model)
- for inline in admin.inlines:
- registered_models.add(inline.model)
-
- related_objects = (
- f for f in opts.get_fields(include_hidden=True)
- if (f.auto_created and not f.concrete)
- )
- for related_object in related_objects:
- related_model = related_object.related_model
- remote_field = related_object.field.remote_field
- if (any(issubclass(model, related_model) for model in registered_models) and
- hasattr(remote_field, 'get_related_field') and
- remote_field.get_related_field() == field):
- return True
-
- return False
-
- def has_add_permission(self, request):
- """
- Return True if the given request has permission to add an object.
- Can be overridden by the user in subclasses.
- """
- opts = self.opts
- codename = get_permission_codename('add', opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_change_permission(self, request, obj=None):
- """
- Return True if the given request has permission to change the given
- Django model instance, the default implementation doesn't examine the
- `obj` parameter.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to change the `obj`
- model instance. If `obj` is None, this should return True if the given
- request has permission to change *any* object of the given type.
- """
- opts = self.opts
- codename = get_permission_codename('change', opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_delete_permission(self, request, obj=None):
- """
- Return True if the given request has permission to change the given
- Django model instance, the default implementation doesn't examine the
- `obj` parameter.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to delete the `obj`
- model instance. If `obj` is None, this should return True if the given
- request has permission to delete *any* object of the given type.
- """
- opts = self.opts
- codename = get_permission_codename('delete', opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_view_permission(self, request, obj=None):
- """
- Return True if the given request has permission to view the given
- Django model instance. The default implementation doesn't examine the
- `obj` parameter.
-
- If overridden by the user in subclasses, it should return True if the
- given request has permission to view the `obj` model instance. If `obj`
- is None, it should return True if the request has permission to view
- any object of the given type.
- """
- opts = self.opts
- codename_view = get_permission_codename('view', opts)
- codename_change = get_permission_codename('change', opts)
- return (
- request.user.has_perm('%s.%s' % (opts.app_label, codename_view)) or
- request.user.has_perm('%s.%s' % (opts.app_label, codename_change))
- )
-
- def has_view_or_change_permission(self, request, obj=None):
- return self.has_view_permission(request, obj) or self.has_change_permission(request, obj)
-
- def has_module_permission(self, request):
- """
- Return True if the given request has any permission in the given
- app label.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to view the module on
- the admin index page and access the module's index page. Overriding it
- does not restrict access to the add, change or delete views. Use
- `ModelAdmin.has_(add|change|delete)_permission` for that.
- """
- return request.user.has_module_perms(self.opts.app_label)
-
-
- class ModelAdmin(BaseModelAdmin):
- """Encapsulate all admin options and functionality for a given model."""
-
- list_display = ('__str__',)
- list_display_links = ()
- list_filter = ()
- list_select_related = False
- list_per_page = 100
- list_max_show_all = 200
- list_editable = ()
- search_fields = ()
- date_hierarchy = None
- save_as = False
- save_as_continue = True
- save_on_top = False
- paginator = Paginator
- preserve_filters = True
- inlines = []
-
- # Custom templates (designed to be over-ridden in subclasses)
- add_form_template = None
- change_form_template = None
- change_list_template = None
- delete_confirmation_template = None
- delete_selected_confirmation_template = None
- object_history_template = None
- popup_response_template = None
-
- # Actions
- actions = []
- action_form = helpers.ActionForm
- actions_on_top = True
- actions_on_bottom = False
- actions_selection_counter = True
- checks_class = ModelAdminChecks
-
- def __init__(self, model, admin_site):
- self.model = model
- self.opts = model._meta
- self.admin_site = admin_site
- super().__init__()
-
- def __str__(self):
- return "%s.%s" % (self.model._meta.app_label, self.__class__.__name__)
-
- def get_inline_instances(self, request, obj=None):
- inline_instances = []
- for inline_class in self.inlines:
- inline = inline_class(self.model, self.admin_site)
- if request:
- inline_has_add_permission = inline._has_add_permission(request, obj)
- if not (inline.has_view_or_change_permission(request, obj) or
- inline_has_add_permission or
- inline.has_delete_permission(request, obj)):
- continue
- if not inline_has_add_permission:
- inline.max_num = 0
- inline_instances.append(inline)
-
- return inline_instances
-
- def get_urls(self):
- from django.urls import path
-
- def wrap(view):
- def wrapper(*args, **kwargs):
- return self.admin_site.admin_view(view)(*args, **kwargs)
- wrapper.model_admin = self
- return update_wrapper(wrapper, view)
-
- info = self.model._meta.app_label, self.model._meta.model_name
-
- urlpatterns = [
- path('', wrap(self.changelist_view), name='%s_%s_changelist' % info),
- path('add/', wrap(self.add_view), name='%s_%s_add' % info),
- path('autocomplete/', wrap(self.autocomplete_view), name='%s_%s_autocomplete' % info),
- path('<path:object_id>/history/', wrap(self.history_view), name='%s_%s_history' % info),
- path('<path:object_id>/delete/', wrap(self.delete_view), name='%s_%s_delete' % info),
- path('<path:object_id>/change/', wrap(self.change_view), name='%s_%s_change' % info),
- # For backwards compatibility (was the change url before 1.9)
- path('<path:object_id>/', wrap(RedirectView.as_view(
- pattern_name='%s:%s_%s_change' % ((self.admin_site.name,) + info)
- ))),
- ]
- return urlpatterns
-
- @property
- def urls(self):
- return self.get_urls()
-
- @property
- def media(self):
- extra = '' if settings.DEBUG else '.min'
- js = [
- 'vendor/jquery/jquery%s.js' % extra,
- 'jquery.init.js',
- 'core.js',
- 'admin/RelatedObjectLookups.js',
- 'actions%s.js' % extra,
- 'urlify.js',
- 'prepopulate%s.js' % extra,
- 'vendor/xregexp/xregexp%s.js' % extra,
- ]
- return forms.Media(js=['admin/js/%s' % url for url in js])
-
- def get_model_perms(self, request):
- """
- Return a dict of all perms for this model. This dict has the keys
- ``add``, ``change``, ``delete``, and ``view`` mapping to the True/False
- for each of those actions.
- """
- return {
- 'add': self.has_add_permission(request),
- 'change': self.has_change_permission(request),
- 'delete': self.has_delete_permission(request),
- 'view': self.has_view_permission(request),
- }
-
- def _get_form_for_get_fields(self, request, obj):
- return self.get_form(request, obj, fields=None)
-
- def get_form(self, request, obj=None, change=False, **kwargs):
- """
- Return a Form class for use in the admin add view. This is used by
- add_view and change_view.
- """
- if 'fields' in kwargs:
- fields = kwargs.pop('fields')
- else:
- fields = flatten_fieldsets(self.get_fieldsets(request, obj))
- excluded = self.get_exclude(request, obj)
- exclude = [] if excluded is None else list(excluded)
- readonly_fields = self.get_readonly_fields(request, obj)
- exclude.extend(readonly_fields)
- # Exclude all fields if it's a change form and the user doesn't have
- # the change permission.
- if change and hasattr(request, 'user') and not self.has_change_permission(request, obj):
- exclude.extend(fields)
- if excluded is None and hasattr(self.form, '_meta') and self.form._meta.exclude:
- # Take the custom ModelForm's Meta.exclude into account only if the
- # ModelAdmin doesn't define its own.
- exclude.extend(self.form._meta.exclude)
- # if exclude is an empty list we pass None to be consistent with the
- # default on modelform_factory
- exclude = exclude or None
-
- # Remove declared form fields which are in readonly_fields.
- new_attrs = OrderedDict.fromkeys(
- f for f in readonly_fields
- if f in self.form.declared_fields
- )
- form = type(self.form.__name__, (self.form,), new_attrs)
-
- defaults = {
- 'form': form,
- 'fields': fields,
- 'exclude': exclude,
- 'formfield_callback': partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
-
- if defaults['fields'] is None and not modelform_defines_fields(defaults['form']):
- defaults['fields'] = forms.ALL_FIELDS
-
- try:
- return modelform_factory(self.model, **defaults)
- except FieldError as e:
- raise FieldError(
- '%s. Check fields/fieldsets/exclude attributes of class %s.'
- % (e, self.__class__.__name__)
- )
-
- def get_changelist(self, request, **kwargs):
- """
- Return the ChangeList class for use on the changelist page.
- """
- from django.contrib.admin.views.main import ChangeList
- return ChangeList
-
- def get_changelist_instance(self, request):
- """
- Return a `ChangeList` instance based on `request`. May raise
- `IncorrectLookupParameters`.
- """
- list_display = self.get_list_display(request)
- list_display_links = self.get_list_display_links(request, list_display)
- # Add the action checkboxes if any actions are available.
- if self.get_actions(request):
- list_display = ['action_checkbox', *list_display]
- sortable_by = self.get_sortable_by(request)
- ChangeList = self.get_changelist(request)
- return ChangeList(
- request,
- self.model,
- list_display,
- list_display_links,
- self.get_list_filter(request),
- self.date_hierarchy,
- self.get_search_fields(request),
- self.get_list_select_related(request),
- self.list_per_page,
- self.list_max_show_all,
- self.list_editable,
- self,
- sortable_by,
- )
-
- def get_object(self, request, object_id, from_field=None):
- """
- Return an instance matching the field and value provided, the primary
- key is used if no field is provided. Return ``None`` if no match is
- found or the object_id fails validation.
- """
- queryset = self.get_queryset(request)
- model = queryset.model
- field = model._meta.pk if from_field is None else model._meta.get_field(from_field)
- try:
- object_id = field.to_python(object_id)
- return queryset.get(**{field.name: object_id})
- except (model.DoesNotExist, ValidationError, ValueError):
- return None
-
- def get_changelist_form(self, request, **kwargs):
- """
- Return a Form class for use in the Formset on the changelist page.
- """
- defaults = {
- 'formfield_callback': partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
- if defaults.get('fields') is None and not modelform_defines_fields(defaults.get('form')):
- defaults['fields'] = forms.ALL_FIELDS
-
- return modelform_factory(self.model, **defaults)
-
- def get_changelist_formset(self, request, **kwargs):
- """
- Return a FormSet class for use on the changelist page if list_editable
- is used.
- """
- defaults = {
- 'formfield_callback': partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
- return modelformset_factory(
- self.model, self.get_changelist_form(request), extra=0,
- fields=self.list_editable, **defaults
- )
-
- def get_formsets_with_inlines(self, request, obj=None):
- """
- Yield formsets and the corresponding inlines.
- """
- for inline in self.get_inline_instances(request, obj):
- yield inline.get_formset(request, obj), inline
-
- def get_paginator(self, request, queryset, per_page, orphans=0, allow_empty_first_page=True):
- return self.paginator(queryset, per_page, orphans, allow_empty_first_page)
-
- def log_addition(self, request, object, message):
- """
- Log that an object has been successfully added.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import LogEntry, ADDITION
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(object).pk,
- object_id=object.pk,
- object_repr=str(object),
- action_flag=ADDITION,
- change_message=message,
- )
-
- def log_change(self, request, object, message):
- """
- Log that an object has been successfully changed.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import LogEntry, CHANGE
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(object).pk,
- object_id=object.pk,
- object_repr=str(object),
- action_flag=CHANGE,
- change_message=message,
- )
-
- def log_deletion(self, request, object, object_repr):
- """
- Log that an object will be deleted. Note that this method must be
- called before the deletion.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import LogEntry, DELETION
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(object).pk,
- object_id=object.pk,
- object_repr=object_repr,
- action_flag=DELETION,
- )
-
- def action_checkbox(self, obj):
- """
- A list_display column containing a checkbox widget.
- """
- return helpers.checkbox.render(helpers.ACTION_CHECKBOX_NAME, str(obj.pk))
- action_checkbox.short_description = mark_safe('<input type="checkbox" id="action-toggle">')
-
- def _get_base_actions(self):
- """Return the list of actions, prior to any request-based filtering."""
- actions = []
-
- # Gather actions from the admin site first
- for (name, func) in self.admin_site.actions:
- description = getattr(func, 'short_description', name.replace('_', ' '))
- actions.append((func, name, description))
- # Add actions from this ModelAdmin.
- actions.extend(self.get_action(action) for action in self.actions or [])
- # get_action might have returned None, so filter any of those out.
- return filter(None, actions)
-
- def _filter_actions_by_permissions(self, request, actions):
- """Filter out any actions that the user doesn't have access to."""
- filtered_actions = []
- for action in actions:
- callable = action[0]
- if not hasattr(callable, 'allowed_permissions'):
- filtered_actions.append(action)
- continue
- permission_checks = (
- getattr(self, 'has_%s_permission' % permission)
- for permission in callable.allowed_permissions
- )
- if any(has_permission(request) for has_permission in permission_checks):
- filtered_actions.append(action)
- return filtered_actions
-
- def get_actions(self, request):
- """
- Return a dictionary mapping the names of all actions for this
- ModelAdmin to a tuple of (callable, name, description) for each action.
- """
- # If self.actions is set to None that means actions are disabled on
- # this page.
- if self.actions is None or IS_POPUP_VAR in request.GET:
- return OrderedDict()
- actions = self._filter_actions_by_permissions(request, self._get_base_actions())
- # Convert the actions into an OrderedDict keyed by name.
- return OrderedDict(
- (name, (func, name, desc))
- for func, name, desc in actions
- )
-
- def get_action_choices(self, request, default_choices=BLANK_CHOICE_DASH):
- """
- Return a list of choices for use in a form object. Each choice is a
- tuple (name, description).
- """
- choices = [] + default_choices
- for func, name, description in self.get_actions(request).values():
- choice = (name, description % model_format_dict(self.opts))
- choices.append(choice)
- return choices
-
- def get_action(self, action):
- """
- Return a given action from a parameter, which can either be a callable,
- or the name of a method on the ModelAdmin. Return is a tuple of
- (callable, name, description).
- """
- # If the action is a callable, just use it.
- if callable(action):
- func = action
- action = action.__name__
-
- # Next, look for a method. Grab it off self.__class__ to get an unbound
- # method instead of a bound one; this ensures that the calling
- # conventions are the same for functions and methods.
- elif hasattr(self.__class__, action):
- func = getattr(self.__class__, action)
-
- # Finally, look for a named method on the admin site
- else:
- try:
- func = self.admin_site.get_action(action)
- except KeyError:
- return None
-
- if hasattr(func, 'short_description'):
- description = func.short_description
- else:
- description = capfirst(action.replace('_', ' '))
- return func, action, description
-
- def get_list_display(self, request):
- """
- Return a sequence containing the fields to be displayed on the
- changelist.
- """
- return self.list_display
-
- def get_list_display_links(self, request, list_display):
- """
- Return a sequence containing the fields to be displayed as links
- on the changelist. The list_display parameter is the list of fields
- returned by get_list_display().
- """
- if self.list_display_links or self.list_display_links is None or not list_display:
- return self.list_display_links
- else:
- # Use only the first item in list_display as link
- return list(list_display)[:1]
-
- def get_list_filter(self, request):
- """
- Return a sequence containing the fields to be displayed as filters in
- the right sidebar of the changelist page.
- """
- return self.list_filter
-
- def get_list_select_related(self, request):
- """
- Return a list of fields to add to the select_related() part of the
- changelist items query.
- """
- return self.list_select_related
-
- def get_search_fields(self, request):
- """
- Return a sequence containing the fields to be searched whenever
- somebody submits a search query.
- """
- return self.search_fields
-
- def get_search_results(self, request, queryset, search_term):
- """
- Return a tuple containing a queryset to implement the search
- and a boolean indicating if the results may contain duplicates.
- """
- # Apply keyword searches.
- def construct_search(field_name):
- if field_name.startswith('^'):
- return "%s__istartswith" % field_name[1:]
- elif field_name.startswith('='):
- return "%s__iexact" % field_name[1:]
- elif field_name.startswith('@'):
- return "%s__search" % field_name[1:]
- # Use field_name if it includes a lookup.
- opts = queryset.model._meta
- lookup_fields = field_name.split(LOOKUP_SEP)
- # Go through the fields, following all relations.
- prev_field = None
- for path_part in lookup_fields:
- if path_part == 'pk':
- path_part = opts.pk.name
- try:
- field = opts.get_field(path_part)
- except FieldDoesNotExist:
- # Use valid query lookups.
- if prev_field and prev_field.get_lookup(path_part):
- return field_name
- else:
- prev_field = field
- if hasattr(field, 'get_path_info'):
- # Update opts to follow the relation.
- opts = field.get_path_info()[-1].to_opts
- # Otherwise, use the field with icontains.
- return "%s__icontains" % field_name
-
- use_distinct = False
- search_fields = self.get_search_fields(request)
- if search_fields and search_term:
- orm_lookups = [construct_search(str(search_field))
- for search_field in search_fields]
- for bit in search_term.split():
- or_queries = [models.Q(**{orm_lookup: bit})
- for orm_lookup in orm_lookups]
- queryset = queryset.filter(reduce(operator.or_, or_queries))
- use_distinct |= any(lookup_needs_distinct(self.opts, search_spec) for search_spec in orm_lookups)
-
- return queryset, use_distinct
-
- def get_preserved_filters(self, request):
- """
- Return the preserved filters querystring.
- """
- match = request.resolver_match
- if self.preserve_filters and match:
- opts = self.model._meta
- current_url = '%s:%s' % (match.app_name, match.url_name)
- changelist_url = 'admin:%s_%s_changelist' % (opts.app_label, opts.model_name)
- if current_url == changelist_url:
- preserved_filters = request.GET.urlencode()
- else:
- preserved_filters = request.GET.get('_changelist_filters')
-
- if preserved_filters:
- return urlencode({'_changelist_filters': preserved_filters})
- return ''
-
- def construct_change_message(self, request, form, formsets, add=False):
- """
- Construct a JSON structure describing changes from a changed object.
- """
- return construct_change_message(form, formsets, add)
-
- def message_user(self, request, message, level=messages.INFO, extra_tags='',
- fail_silently=False):
- """
- Send a message to the user. The default implementation
- posts a message using the django.contrib.messages backend.
-
- Exposes almost the same API as messages.add_message(), but accepts the
- positional arguments in a different order to maintain backwards
- compatibility. For convenience, it accepts the `level` argument as
- a string rather than the usual level number.
- """
- if not isinstance(level, int):
- # attempt to get the level if passed a string
- try:
- level = getattr(messages.constants, level.upper())
- except AttributeError:
- levels = messages.constants.DEFAULT_TAGS.values()
- levels_repr = ', '.join('`%s`' % l for l in levels)
- raise ValueError(
- 'Bad message level string: `%s`. Possible values are: %s'
- % (level, levels_repr)
- )
-
- messages.add_message(request, level, message, extra_tags=extra_tags, fail_silently=fail_silently)
-
- def save_form(self, request, form, change):
- """
- Given a ModelForm return an unsaved instance. ``change`` is True if
- the object is being changed, and False if it's being added.
- """
- return form.save(commit=False)
-
- def save_model(self, request, obj, form, change):
- """
- Given a model instance save it to the database.
- """
- obj.save()
-
- def delete_model(self, request, obj):
- """
- Given a model instance delete it from the database.
- """
- obj.delete()
-
- def delete_queryset(self, request, queryset):
- """Given a queryset, delete it from the database."""
- queryset.delete()
-
- def save_formset(self, request, form, formset, change):
- """
- Given an inline formset save it to the database.
- """
- formset.save()
-
- def save_related(self, request, form, formsets, change):
- """
- Given the ``HttpRequest``, the parent ``ModelForm`` instance, the
- list of inline formsets and a boolean value based on whether the
- parent is being added or changed, save the related objects to the
- database. Note that at this point save_form() and save_model() have
- already been called.
- """
- form.save_m2m()
- for formset in formsets:
- self.save_formset(request, form, formset, change=change)
-
- def render_change_form(self, request, context, add=False, change=False, form_url='', obj=None):
- opts = self.model._meta
- app_label = opts.app_label
- preserved_filters = self.get_preserved_filters(request)
- form_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, form_url)
- view_on_site_url = self.get_view_on_site_url(obj)
- has_editable_inline_admin_formsets = False
- for inline in context['inline_admin_formsets']:
- if inline.has_add_permission or inline.has_change_permission or inline.has_delete_permission:
- has_editable_inline_admin_formsets = True
- break
- context.update({
- 'add': add,
- 'change': change,
- 'has_view_permission': self.has_view_permission(request, obj),
- 'has_add_permission': self.has_add_permission(request),
- 'has_change_permission': self.has_change_permission(request, obj),
- 'has_delete_permission': self.has_delete_permission(request, obj),
- 'has_editable_inline_admin_formsets': has_editable_inline_admin_formsets,
- 'has_file_field': context['adminform'].form.is_multipart() or any(
- admin_formset.formset.form().is_multipart()
- for admin_formset in context['inline_admin_formsets']
- ),
- 'has_absolute_url': view_on_site_url is not None,
- 'absolute_url': view_on_site_url,
- 'form_url': form_url,
- 'opts': opts,
- 'content_type_id': get_content_type_for_model(self.model).pk,
- 'save_as': self.save_as,
- 'save_on_top': self.save_on_top,
- 'to_field_var': TO_FIELD_VAR,
- 'is_popup_var': IS_POPUP_VAR,
- 'app_label': app_label,
- })
- if add and self.add_form_template is not None:
- form_template = self.add_form_template
- else:
- form_template = self.change_form_template
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(request, form_template or [
- "admin/%s/%s/change_form.html" % (app_label, opts.model_name),
- "admin/%s/change_form.html" % app_label,
- "admin/change_form.html"
- ], context)
-
- def response_add(self, request, obj, post_url_continue=None):
- """
- Determine the HttpResponse for the add_view stage.
- """
- opts = obj._meta
- preserved_filters = self.get_preserved_filters(request)
- obj_url = reverse(
- 'admin:%s_%s_change' % (opts.app_label, opts.model_name),
- args=(quote(obj.pk),),
- current_app=self.admin_site.name,
- )
- # Add a link to the object's change form if the user can edit the obj.
- if self.has_change_permission(request, obj):
- obj_repr = format_html('<a href="{}">{}</a>', urlquote(obj_url), obj)
- else:
- obj_repr = str(obj)
- msg_dict = {
- 'name': opts.verbose_name,
- 'obj': obj_repr,
- }
- # Here, we distinguish between different save types by checking for
- # the presence of keys in request.POST.
-
- if IS_POPUP_VAR in request.POST:
- to_field = request.POST.get(TO_FIELD_VAR)
- if to_field:
- attr = str(to_field)
- else:
- attr = obj._meta.pk.attname
- value = obj.serializable_value(attr)
- popup_response_data = json.dumps({
- 'value': str(value),
- 'obj': str(obj),
- })
- return TemplateResponse(request, self.popup_response_template or [
- 'admin/%s/%s/popup_response.html' % (opts.app_label, opts.model_name),
- 'admin/%s/popup_response.html' % opts.app_label,
- 'admin/popup_response.html',
- ], {
- 'popup_response_data': popup_response_data,
- })
-
- elif "_continue" in request.POST or (
- # Redirecting after "Save as new".
- "_saveasnew" in request.POST and self.save_as_continue and
- self.has_change_permission(request, obj)
- ):
- msg = _('The {name} "{obj}" was added successfully.')
- if self.has_change_permission(request, obj):
- msg += ' ' + _('You may edit it again below.')
- self.message_user(request, format_html(msg, **msg_dict), messages.SUCCESS)
- if post_url_continue is None:
- post_url_continue = obj_url
- post_url_continue = add_preserved_filters(
- {'preserved_filters': preserved_filters, 'opts': opts},
- post_url_continue
- )
- return HttpResponseRedirect(post_url_continue)
-
- elif "_addanother" in request.POST:
- msg = format_html(
- _('The {name} "{obj}" was added successfully. You may add another {name} below.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = request.path
- redirect_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, redirect_url)
- return HttpResponseRedirect(redirect_url)
-
- else:
- msg = format_html(
- _('The {name} "{obj}" was added successfully.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- return self.response_post_save_add(request, obj)
-
- def response_change(self, request, obj):
- """
- Determine the HttpResponse for the change_view stage.
- """
-
- if IS_POPUP_VAR in request.POST:
- opts = obj._meta
- to_field = request.POST.get(TO_FIELD_VAR)
- attr = str(to_field) if to_field else opts.pk.attname
- value = request.resolver_match.kwargs['object_id']
- new_value = obj.serializable_value(attr)
- popup_response_data = json.dumps({
- 'action': 'change',
- 'value': str(value),
- 'obj': str(obj),
- 'new_value': str(new_value),
- })
- return TemplateResponse(request, self.popup_response_template or [
- 'admin/%s/%s/popup_response.html' % (opts.app_label, opts.model_name),
- 'admin/%s/popup_response.html' % opts.app_label,
- 'admin/popup_response.html',
- ], {
- 'popup_response_data': popup_response_data,
- })
-
- opts = self.model._meta
- preserved_filters = self.get_preserved_filters(request)
-
- msg_dict = {
- 'name': opts.verbose_name,
- 'obj': format_html('<a href="{}">{}</a>', urlquote(request.path), obj),
- }
- if "_continue" in request.POST:
- msg = format_html(
- _('The {name} "{obj}" was changed successfully. You may edit it again below.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = request.path
- redirect_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, redirect_url)
- return HttpResponseRedirect(redirect_url)
-
- elif "_saveasnew" in request.POST:
- msg = format_html(
- _('The {name} "{obj}" was added successfully. You may edit it again below.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = reverse('admin:%s_%s_change' %
- (opts.app_label, opts.model_name),
- args=(obj.pk,),
- current_app=self.admin_site.name)
- redirect_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, redirect_url)
- return HttpResponseRedirect(redirect_url)
-
- elif "_addanother" in request.POST:
- msg = format_html(
- _('The {name} "{obj}" was changed successfully. You may add another {name} below.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = reverse('admin:%s_%s_add' %
- (opts.app_label, opts.model_name),
- current_app=self.admin_site.name)
- redirect_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, redirect_url)
- return HttpResponseRedirect(redirect_url)
-
- else:
- msg = format_html(
- _('The {name} "{obj}" was changed successfully.'),
- **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- return self.response_post_save_change(request, obj)
-
- def _response_post_save(self, request, obj):
- opts = self.model._meta
- if self.has_view_or_change_permission(request):
- post_url = reverse('admin:%s_%s_changelist' %
- (opts.app_label, opts.model_name),
- current_app=self.admin_site.name)
- preserved_filters = self.get_preserved_filters(request)
- post_url = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url)
- else:
- post_url = reverse('admin:index',
- current_app=self.admin_site.name)
- return HttpResponseRedirect(post_url)
-
- def response_post_save_add(self, request, obj):
- """
- Figure out where to redirect after the 'Save' button has been pressed
- when adding a new object.
- """
- return self._response_post_save(request, obj)
-
- def response_post_save_change(self, request, obj):
- """
- Figure out where to redirect after the 'Save' button has been pressed
- when editing an existing object.
- """
- return self._response_post_save(request, obj)
-
- def response_action(self, request, queryset):
- """
- Handle an admin action. This is called if a request is POSTed to the
- changelist; it returns an HttpResponse if the action was handled, and
- None otherwise.
- """
-
- # There can be multiple action forms on the page (at the top
- # and bottom of the change list, for example). Get the action
- # whose button was pushed.
- try:
- action_index = int(request.POST.get('index', 0))
- except ValueError:
- action_index = 0
-
- # Construct the action form.
- data = request.POST.copy()
- data.pop(helpers.ACTION_CHECKBOX_NAME, None)
- data.pop("index", None)
-
- # Use the action whose button was pushed
- try:
- data.update({'action': data.getlist('action')[action_index]})
- except IndexError:
- # If we didn't get an action from the chosen form that's invalid
- # POST data, so by deleting action it'll fail the validation check
- # below. So no need to do anything here
- pass
-
- action_form = self.action_form(data, auto_id=None)
- action_form.fields['action'].choices = self.get_action_choices(request)
-
- # If the form's valid we can handle the action.
- if action_form.is_valid():
- action = action_form.cleaned_data['action']
- select_across = action_form.cleaned_data['select_across']
- func = self.get_actions(request)[action][0]
-
- # Get the list of selected PKs. If nothing's selected, we can't
- # perform an action on it, so bail. Except we want to perform
- # the action explicitly on all objects.
- selected = request.POST.getlist(helpers.ACTION_CHECKBOX_NAME)
- if not selected and not select_across:
- # Reminder that something needs to be selected or nothing will happen
- msg = _("Items must be selected in order to perform "
- "actions on them. No items have been changed.")
- self.message_user(request, msg, messages.WARNING)
- return None
-
- if not select_across:
- # Perform the action only on the selected objects
- queryset = queryset.filter(pk__in=selected)
-
- response = func(self, request, queryset)
-
- # Actions may return an HttpResponse-like object, which will be
- # used as the response from the POST. If not, we'll be a good
- # little HTTP citizen and redirect back to the changelist page.
- if isinstance(response, HttpResponseBase):
- return response
- else:
- return HttpResponseRedirect(request.get_full_path())
- else:
- msg = _("No action selected.")
- self.message_user(request, msg, messages.WARNING)
- return None
-
- def response_delete(self, request, obj_display, obj_id):
- """
- Determine the HttpResponse for the delete_view stage.
- """
- opts = self.model._meta
-
- if IS_POPUP_VAR in request.POST:
- popup_response_data = json.dumps({
- 'action': 'delete',
- 'value': str(obj_id),
- })
- return TemplateResponse(request, self.popup_response_template or [
- 'admin/%s/%s/popup_response.html' % (opts.app_label, opts.model_name),
- 'admin/%s/popup_response.html' % opts.app_label,
- 'admin/popup_response.html',
- ], {
- 'popup_response_data': popup_response_data,
- })
-
- self.message_user(
- request,
- _('The %(name)s "%(obj)s" was deleted successfully.') % {
- 'name': opts.verbose_name,
- 'obj': obj_display,
- },
- messages.SUCCESS,
- )
-
- if self.has_change_permission(request, None):
- post_url = reverse(
- 'admin:%s_%s_changelist' % (opts.app_label, opts.model_name),
- current_app=self.admin_site.name,
- )
- preserved_filters = self.get_preserved_filters(request)
- post_url = add_preserved_filters(
- {'preserved_filters': preserved_filters, 'opts': opts}, post_url
- )
- else:
- post_url = reverse('admin:index', current_app=self.admin_site.name)
- return HttpResponseRedirect(post_url)
-
- def render_delete_form(self, request, context):
- opts = self.model._meta
- app_label = opts.app_label
-
- request.current_app = self.admin_site.name
- context.update(
- to_field_var=TO_FIELD_VAR,
- is_popup_var=IS_POPUP_VAR,
- media=self.media,
- )
-
- return TemplateResponse(
- request,
- self.delete_confirmation_template or [
- "admin/{}/{}/delete_confirmation.html".format(app_label, opts.model_name),
- "admin/{}/delete_confirmation.html".format(app_label),
- "admin/delete_confirmation.html",
- ],
- context,
- )
-
- def get_inline_formsets(self, request, formsets, inline_instances, obj=None):
- inline_admin_formsets = []
- for inline, formset in zip(inline_instances, formsets):
- fieldsets = list(inline.get_fieldsets(request, obj))
- readonly = list(inline.get_readonly_fields(request, obj))
- has_add_permission = inline._has_add_permission(request, obj)
- has_change_permission = inline.has_change_permission(request, obj)
- has_delete_permission = inline.has_delete_permission(request, obj)
- has_view_permission = inline.has_view_permission(request, obj)
- prepopulated = dict(inline.get_prepopulated_fields(request, obj))
- inline_admin_formset = helpers.InlineAdminFormSet(
- inline, formset, fieldsets, prepopulated, readonly, model_admin=self,
- has_add_permission=has_add_permission, has_change_permission=has_change_permission,
- has_delete_permission=has_delete_permission, has_view_permission=has_view_permission,
- )
- inline_admin_formsets.append(inline_admin_formset)
- return inline_admin_formsets
-
- def get_changeform_initial_data(self, request):
- """
- Get the initial form data from the request's GET params.
- """
- initial = dict(request.GET.items())
- for k in initial:
- try:
- f = self.model._meta.get_field(k)
- except FieldDoesNotExist:
- continue
- # We have to special-case M2Ms as a list of comma-separated PKs.
- if isinstance(f, models.ManyToManyField):
- initial[k] = initial[k].split(",")
- return initial
-
- def _get_obj_does_not_exist_redirect(self, request, opts, object_id):
- """
- Create a message informing the user that the object doesn't exist
- and return a redirect to the admin index page.
- """
- msg = _("""%(name)s with ID "%(key)s" doesn't exist. Perhaps it was deleted?""") % {
- 'name': opts.verbose_name,
- 'key': unquote(object_id),
- }
- self.message_user(request, msg, messages.WARNING)
- url = reverse('admin:index', current_app=self.admin_site.name)
- return HttpResponseRedirect(url)
-
- @csrf_protect_m
- def changeform_view(self, request, object_id=None, form_url='', extra_context=None):
- with transaction.atomic(using=router.db_for_write(self.model)):
- return self._changeform_view(request, object_id, form_url, extra_context)
-
- def _changeform_view(self, request, object_id, form_url, extra_context):
- to_field = request.POST.get(TO_FIELD_VAR, request.GET.get(TO_FIELD_VAR))
- if to_field and not self.to_field_allowed(request, to_field):
- raise DisallowedModelAdminToField("The field %s cannot be referenced." % to_field)
-
- model = self.model
- opts = model._meta
-
- if request.method == 'POST' and '_saveasnew' in request.POST:
- object_id = None
-
- add = object_id is None
-
- if add:
- if not self.has_add_permission(request):
- raise PermissionDenied
- obj = None
-
- else:
- obj = self.get_object(request, unquote(object_id), to_field)
-
- if not self.has_view_or_change_permission(request, obj):
- raise PermissionDenied
-
- if obj is None:
- return self._get_obj_does_not_exist_redirect(request, opts, object_id)
-
- ModelForm = self.get_form(request, obj, change=not add)
- if request.method == 'POST':
- form = ModelForm(request.POST, request.FILES, instance=obj)
- form_validated = form.is_valid()
- if form_validated:
- new_object = self.save_form(request, form, change=not add)
- else:
- new_object = form.instance
- formsets, inline_instances = self._create_formsets(request, new_object, change=not add)
- if all_valid(formsets) and form_validated:
- self.save_model(request, new_object, form, not add)
- self.save_related(request, form, formsets, not add)
- change_message = self.construct_change_message(request, form, formsets, add)
- if add:
- self.log_addition(request, new_object, change_message)
- return self.response_add(request, new_object)
- else:
- self.log_change(request, new_object, change_message)
- return self.response_change(request, new_object)
- else:
- form_validated = False
- else:
- if add:
- initial = self.get_changeform_initial_data(request)
- form = ModelForm(initial=initial)
- formsets, inline_instances = self._create_formsets(request, form.instance, change=False)
- else:
- form = ModelForm(instance=obj)
- formsets, inline_instances = self._create_formsets(request, obj, change=True)
-
- if not add and not self.has_change_permission(request, obj):
- readonly_fields = flatten_fieldsets(self.get_fieldsets(request, obj))
- else:
- readonly_fields = self.get_readonly_fields(request, obj)
- adminForm = helpers.AdminForm(
- form,
- list(self.get_fieldsets(request, obj)),
- # Clear prepopulated fields on a view-only form to avoid a crash.
- self.get_prepopulated_fields(request, obj) if add or self.has_change_permission(request, obj) else {},
- readonly_fields,
- model_admin=self)
- media = self.media + adminForm.media
-
- inline_formsets = self.get_inline_formsets(request, formsets, inline_instances, obj)
- for inline_formset in inline_formsets:
- media = media + inline_formset.media
-
- if add:
- title = _('Add %s')
- elif self.has_change_permission(request, obj):
- title = _('Change %s')
- else:
- title = _('View %s')
- context = {
- **self.admin_site.each_context(request),
- 'title': title % opts.verbose_name,
- 'adminform': adminForm,
- 'object_id': object_id,
- 'original': obj,
- 'is_popup': IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET,
- 'to_field': to_field,
- 'media': media,
- 'inline_admin_formsets': inline_formsets,
- 'errors': helpers.AdminErrorList(form, formsets),
- 'preserved_filters': self.get_preserved_filters(request),
- }
-
- # Hide the "Save" and "Save and continue" buttons if "Save as New" was
- # previously chosen to prevent the interface from getting confusing.
- if request.method == 'POST' and not form_validated and "_saveasnew" in request.POST:
- context['show_save'] = False
- context['show_save_and_continue'] = False
- # Use the change template instead of the add template.
- add = False
-
- context.update(extra_context or {})
-
- return self.render_change_form(request, context, add=add, change=not add, obj=obj, form_url=form_url)
-
- def autocomplete_view(self, request):
- return AutocompleteJsonView.as_view(model_admin=self)(request)
-
- def add_view(self, request, form_url='', extra_context=None):
- return self.changeform_view(request, None, form_url, extra_context)
-
- def change_view(self, request, object_id, form_url='', extra_context=None):
- return self.changeform_view(request, object_id, form_url, extra_context)
-
- def _get_edited_object_pks(self, request, prefix):
- """Return POST data values of list_editable primary keys."""
- pk_pattern = re.compile(r'{}-\d+-{}$'.format(prefix, self.model._meta.pk.name))
- return [value for key, value in request.POST.items() if pk_pattern.match(key)]
-
- def _get_list_editable_queryset(self, request, prefix):
- """
- Based on POST data, return a queryset of the objects that were edited
- via list_editable.
- """
- object_pks = self._get_edited_object_pks(request, prefix)
- queryset = self.get_queryset(request)
- validate = queryset.model._meta.pk.to_python
- try:
- for pk in object_pks:
- validate(pk)
- except ValidationError:
- # Disable the optimization if the POST data was tampered with.
- return queryset
- return queryset.filter(pk__in=object_pks)
-
- @csrf_protect_m
- def changelist_view(self, request, extra_context=None):
- """
- The 'change list' admin view for this model.
- """
- from django.contrib.admin.views.main import ERROR_FLAG
- opts = self.model._meta
- app_label = opts.app_label
- if not self.has_view_or_change_permission(request):
- raise PermissionDenied
-
- try:
- cl = self.get_changelist_instance(request)
- except IncorrectLookupParameters:
- # Wacky lookup parameters were given, so redirect to the main
- # changelist page, without parameters, and pass an 'invalid=1'
- # parameter via the query string. If wacky parameters were given
- # and the 'invalid=1' parameter was already in the query string,
- # something is screwed up with the database, so display an error
- # page.
- if ERROR_FLAG in request.GET:
- return SimpleTemplateResponse('admin/invalid_setup.html', {
- 'title': _('Database error'),
- })
- return HttpResponseRedirect(request.path + '?' + ERROR_FLAG + '=1')
-
- # If the request was POSTed, this might be a bulk action or a bulk
- # edit. Try to look up an action or confirmation first, but if this
- # isn't an action the POST will fall through to the bulk edit check,
- # below.
- action_failed = False
- selected = request.POST.getlist(helpers.ACTION_CHECKBOX_NAME)
-
- actions = self.get_actions(request)
- # Actions with no confirmation
- if (actions and request.method == 'POST' and
- 'index' in request.POST and '_save' not in request.POST):
- if selected:
- response = self.response_action(request, queryset=cl.get_queryset(request))
- if response:
- return response
- else:
- action_failed = True
- else:
- msg = _("Items must be selected in order to perform "
- "actions on them. No items have been changed.")
- self.message_user(request, msg, messages.WARNING)
- action_failed = True
-
- # Actions with confirmation
- if (actions and request.method == 'POST' and
- helpers.ACTION_CHECKBOX_NAME in request.POST and
- 'index' not in request.POST and '_save' not in request.POST):
- if selected:
- response = self.response_action(request, queryset=cl.get_queryset(request))
- if response:
- return response
- else:
- action_failed = True
-
- if action_failed:
- # Redirect back to the changelist page to avoid resubmitting the
- # form if the user refreshes the browser or uses the "No, take
- # me back" button on the action confirmation page.
- return HttpResponseRedirect(request.get_full_path())
-
- # If we're allowing changelist editing, we need to construct a formset
- # for the changelist given all the fields to be edited. Then we'll
- # use the formset to validate/process POSTed data.
- formset = cl.formset = None
-
- # Handle POSTed bulk-edit data.
- if request.method == 'POST' and cl.list_editable and '_save' in request.POST:
- if not self.has_change_permission(request):
- raise PermissionDenied
- FormSet = self.get_changelist_formset(request)
- modified_objects = self._get_list_editable_queryset(request, FormSet.get_default_prefix())
- formset = cl.formset = FormSet(request.POST, request.FILES, queryset=modified_objects)
- if formset.is_valid():
- changecount = 0
- for form in formset.forms:
- if form.has_changed():
- obj = self.save_form(request, form, change=True)
- self.save_model(request, obj, form, change=True)
- self.save_related(request, form, formsets=[], change=True)
- change_msg = self.construct_change_message(request, form, None)
- self.log_change(request, obj, change_msg)
- changecount += 1
-
- if changecount:
- msg = ngettext(
- "%(count)s %(name)s was changed successfully.",
- "%(count)s %(name)s were changed successfully.",
- changecount
- ) % {
- 'count': changecount,
- 'name': model_ngettext(opts, changecount),
- }
- self.message_user(request, msg, messages.SUCCESS)
-
- return HttpResponseRedirect(request.get_full_path())
-
- # Handle GET -- construct a formset for display.
- elif cl.list_editable and self.has_change_permission(request):
- FormSet = self.get_changelist_formset(request)
- formset = cl.formset = FormSet(queryset=cl.result_list)
-
- # Build the list of media to be used by the formset.
- if formset:
- media = self.media + formset.media
- else:
- media = self.media
-
- # Build the action form and populate it with available actions.
- if actions:
- action_form = self.action_form(auto_id=None)
- action_form.fields['action'].choices = self.get_action_choices(request)
- media += action_form.media
- else:
- action_form = None
-
- selection_note_all = ngettext(
- '%(total_count)s selected',
- 'All %(total_count)s selected',
- cl.result_count
- )
-
- context = {
- **self.admin_site.each_context(request),
- 'module_name': str(opts.verbose_name_plural),
- 'selection_note': _('0 of %(cnt)s selected') % {'cnt': len(cl.result_list)},
- 'selection_note_all': selection_note_all % {'total_count': cl.result_count},
- 'title': cl.title,
- 'is_popup': cl.is_popup,
- 'to_field': cl.to_field,
- 'cl': cl,
- 'media': media,
- 'has_add_permission': self.has_add_permission(request),
- 'opts': cl.opts,
- 'action_form': action_form,
- 'actions_on_top': self.actions_on_top,
- 'actions_on_bottom': self.actions_on_bottom,
- 'actions_selection_counter': self.actions_selection_counter,
- 'preserved_filters': self.get_preserved_filters(request),
- **(extra_context or {}),
- }
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(request, self.change_list_template or [
- 'admin/%s/%s/change_list.html' % (app_label, opts.model_name),
- 'admin/%s/change_list.html' % app_label,
- 'admin/change_list.html'
- ], context)
-
- def get_deleted_objects(self, objs, request):
- """
- Hook for customizing the delete process for the delete view and the
- "delete selected" action.
- """
- return get_deleted_objects(objs, request, self.admin_site)
-
- @csrf_protect_m
- def delete_view(self, request, object_id, extra_context=None):
- with transaction.atomic(using=router.db_for_write(self.model)):
- return self._delete_view(request, object_id, extra_context)
-
- def _delete_view(self, request, object_id, extra_context):
- "The 'delete' admin view for this model."
- opts = self.model._meta
- app_label = opts.app_label
-
- to_field = request.POST.get(TO_FIELD_VAR, request.GET.get(TO_FIELD_VAR))
- if to_field and not self.to_field_allowed(request, to_field):
- raise DisallowedModelAdminToField("The field %s cannot be referenced." % to_field)
-
- obj = self.get_object(request, unquote(object_id), to_field)
-
- if not self.has_delete_permission(request, obj):
- raise PermissionDenied
-
- if obj is None:
- return self._get_obj_does_not_exist_redirect(request, opts, object_id)
-
- # Populate deleted_objects, a data structure of all related objects that
- # will also be deleted.
- deleted_objects, model_count, perms_needed, protected = self.get_deleted_objects([obj], request)
-
- if request.POST and not protected: # The user has confirmed the deletion.
- if perms_needed:
- raise PermissionDenied
- obj_display = str(obj)
- attr = str(to_field) if to_field else opts.pk.attname
- obj_id = obj.serializable_value(attr)
- self.log_deletion(request, obj, obj_display)
- self.delete_model(request, obj)
-
- return self.response_delete(request, obj_display, obj_id)
-
- object_name = str(opts.verbose_name)
-
- if perms_needed or protected:
- title = _("Cannot delete %(name)s") % {"name": object_name}
- else:
- title = _("Are you sure?")
-
- context = {
- **self.admin_site.each_context(request),
- 'title': title,
- 'object_name': object_name,
- 'object': obj,
- 'deleted_objects': deleted_objects,
- 'model_count': dict(model_count).items(),
- 'perms_lacking': perms_needed,
- 'protected': protected,
- 'opts': opts,
- 'app_label': app_label,
- 'preserved_filters': self.get_preserved_filters(request),
- 'is_popup': IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET,
- 'to_field': to_field,
- **(extra_context or {}),
- }
-
- return self.render_delete_form(request, context)
-
- def history_view(self, request, object_id, extra_context=None):
- "The 'history' admin view for this model."
- from django.contrib.admin.models import LogEntry
- # First check if the user can see this history.
- model = self.model
- obj = self.get_object(request, unquote(object_id))
- if obj is None:
- return self._get_obj_does_not_exist_redirect(request, model._meta, object_id)
-
- if not self.has_view_or_change_permission(request, obj):
- raise PermissionDenied
-
- # Then get the history for this object.
- opts = model._meta
- app_label = opts.app_label
- action_list = LogEntry.objects.filter(
- object_id=unquote(object_id),
- content_type=get_content_type_for_model(model)
- ).select_related().order_by('action_time')
-
- context = {
- **self.admin_site.each_context(request),
- 'title': _('Change history: %s') % obj,
- 'action_list': action_list,
- 'module_name': str(capfirst(opts.verbose_name_plural)),
- 'object': obj,
- 'opts': opts,
- 'preserved_filters': self.get_preserved_filters(request),
- **(extra_context or {}),
- }
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(request, self.object_history_template or [
- "admin/%s/%s/object_history.html" % (app_label, opts.model_name),
- "admin/%s/object_history.html" % app_label,
- "admin/object_history.html"
- ], context)
-
- def _create_formsets(self, request, obj, change):
- "Helper function to generate formsets for add/change_view."
- formsets = []
- inline_instances = []
- prefixes = {}
- get_formsets_args = [request]
- if change:
- get_formsets_args.append(obj)
- for FormSet, inline in self.get_formsets_with_inlines(*get_formsets_args):
- prefix = FormSet.get_default_prefix()
- prefixes[prefix] = prefixes.get(prefix, 0) + 1
- if prefixes[prefix] != 1 or not prefix:
- prefix = "%s-%s" % (prefix, prefixes[prefix])
- formset_params = {
- 'instance': obj,
- 'prefix': prefix,
- 'queryset': inline.get_queryset(request),
- }
- if request.method == 'POST':
- formset_params.update({
- 'data': request.POST.copy(),
- 'files': request.FILES,
- 'save_as_new': '_saveasnew' in request.POST
- })
- formset = FormSet(**formset_params)
-
- def user_deleted_form(request, obj, formset, index):
- """Return whether or not the user deleted the form."""
- return (
- inline.has_delete_permission(request, obj) and
- '{}-{}-DELETE'.format(formset.prefix, index) in request.POST
- )
-
- # Bypass validation of each view-only inline form (since the form's
- # data won't be in request.POST), unless the form was deleted.
- if not inline.has_change_permission(request, obj if change else None):
- for index, form in enumerate(formset.initial_forms):
- if user_deleted_form(request, obj, formset, index):
- continue
- form._errors = {}
- form.cleaned_data = form.initial
- formsets.append(formset)
- inline_instances.append(inline)
- return formsets, inline_instances
-
-
- class InlineModelAdmin(BaseModelAdmin):
- """
- Options for inline editing of ``model`` instances.
-
- Provide ``fk_name`` to specify the attribute name of the ``ForeignKey``
- from ``model`` to its parent. This is required if ``model`` has more than
- one ``ForeignKey`` to its parent.
- """
- model = None
- fk_name = None
- formset = BaseInlineFormSet
- extra = 3
- min_num = None
- max_num = None
- template = None
- verbose_name = None
- verbose_name_plural = None
- can_delete = True
- show_change_link = False
- checks_class = InlineModelAdminChecks
- classes = None
-
- def __init__(self, parent_model, admin_site):
- self.admin_site = admin_site
- self.parent_model = parent_model
- self.opts = self.model._meta
- self.has_registered_model = admin_site.is_registered(self.model)
- super().__init__()
- if self.verbose_name is None:
- self.verbose_name = self.model._meta.verbose_name
- if self.verbose_name_plural is None:
- self.verbose_name_plural = self.model._meta.verbose_name_plural
-
- @property
- def media(self):
- extra = '' if settings.DEBUG else '.min'
- js = ['vendor/jquery/jquery%s.js' % extra, 'jquery.init.js',
- 'inlines%s.js' % extra]
- if self.filter_vertical or self.filter_horizontal:
- js.extend(['SelectBox.js', 'SelectFilter2.js'])
- if self.classes and 'collapse' in self.classes:
- js.append('collapse%s.js' % extra)
- return forms.Media(js=['admin/js/%s' % url for url in js])
-
- def _has_add_permission(self, request, obj):
- # RemovedInDjango30Warning: obj will be a required argument.
- args = get_func_args(self.has_add_permission)
- return self.has_add_permission(request, obj) if 'obj' in args else self.has_add_permission(request)
-
- def get_extra(self, request, obj=None, **kwargs):
- """Hook for customizing the number of extra inline forms."""
- return self.extra
-
- def get_min_num(self, request, obj=None, **kwargs):
- """Hook for customizing the min number of inline forms."""
- return self.min_num
-
- def get_max_num(self, request, obj=None, **kwargs):
- """Hook for customizing the max number of extra inline forms."""
- return self.max_num
-
- def get_formset(self, request, obj=None, **kwargs):
- """Return a BaseInlineFormSet class for use in admin add/change views."""
- if 'fields' in kwargs:
- fields = kwargs.pop('fields')
- else:
- fields = flatten_fieldsets(self.get_fieldsets(request, obj))
- excluded = self.get_exclude(request, obj)
- exclude = [] if excluded is None else list(excluded)
- exclude.extend(self.get_readonly_fields(request, obj))
- if excluded is None and hasattr(self.form, '_meta') and self.form._meta.exclude:
- # Take the custom ModelForm's Meta.exclude into account only if the
- # InlineModelAdmin doesn't define its own.
- exclude.extend(self.form._meta.exclude)
- # If exclude is an empty list we use None, since that's the actual
- # default.
- exclude = exclude or None
- can_delete = self.can_delete and self.has_delete_permission(request, obj)
- defaults = {
- 'form': self.form,
- 'formset': self.formset,
- 'fk_name': self.fk_name,
- 'fields': fields,
- 'exclude': exclude,
- 'formfield_callback': partial(self.formfield_for_dbfield, request=request),
- 'extra': self.get_extra(request, obj, **kwargs),
- 'min_num': self.get_min_num(request, obj, **kwargs),
- 'max_num': self.get_max_num(request, obj, **kwargs),
- 'can_delete': can_delete,
- **kwargs,
- }
-
- base_model_form = defaults['form']
- can_change = self.has_change_permission(request, obj) if request else True
- can_add = self._has_add_permission(request, obj) if request else True
-
- class DeleteProtectedModelForm(base_model_form):
-
- def hand_clean_DELETE(self):
- """
- We don't validate the 'DELETE' field itself because on
- templates it's not rendered using the field information, but
- just using a generic "deletion_field" of the InlineModelAdmin.
- """
- if self.cleaned_data.get(DELETION_FIELD_NAME, False):
- using = router.db_for_write(self._meta.model)
- collector = NestedObjects(using=using)
- if self.instance._state.adding:
- return
- collector.collect([self.instance])
- if collector.protected:
- objs = []
- for p in collector.protected:
- objs.append(
- # Translators: Model verbose name and instance representation,
- # suitable to be an item in a list.
- _('%(class_name)s %(instance)s') % {
- 'class_name': p._meta.verbose_name,
- 'instance': p}
- )
- params = {
- 'class_name': self._meta.model._meta.verbose_name,
- 'instance': self.instance,
- 'related_objects': get_text_list(objs, _('and')),
- }
- msg = _("Deleting %(class_name)s %(instance)s would require "
- "deleting the following protected related objects: "
- "%(related_objects)s")
- raise ValidationError(msg, code='deleting_protected', params=params)
-
- def is_valid(self):
- result = super().is_valid()
- self.hand_clean_DELETE()
- return result
-
- def has_changed(self):
- # Protect against unauthorized edits.
- if not can_change and not self.instance._state.adding:
- return False
- if not can_add and self.instance._state.adding:
- return False
- return super().has_changed()
-
- defaults['form'] = DeleteProtectedModelForm
-
- if defaults['fields'] is None and not modelform_defines_fields(defaults['form']):
- defaults['fields'] = forms.ALL_FIELDS
-
- return inlineformset_factory(self.parent_model, self.model, **defaults)
-
- def _get_form_for_get_fields(self, request, obj=None):
- return self.get_formset(request, obj, fields=None).form
-
- def get_queryset(self, request):
- queryset = super().get_queryset(request)
- if not self.has_view_or_change_permission(request):
- queryset = queryset.none()
- return queryset
-
- def _has_any_perms_for_target_model(self, request, perms):
- """
- This method is called only when the ModelAdmin's model is for an
- ManyToManyField's implicit through model (if self.opts.auto_created).
- Return True if the user has any of the given permissions ('add',
- 'change', etc.) for the model that points to the through model.
- """
- opts = self.opts
- # Find the target model of an auto-created many-to-many relationship.
- for field in opts.fields:
- if field.remote_field and field.remote_field.model != self.parent_model:
- opts = field.remote_field.model._meta
- break
- return any(
- request.user.has_perm('%s.%s' % (opts.app_label, get_permission_codename(perm, opts)))
- for perm in perms
- )
-
- def has_add_permission(self, request, obj=None):
- # RemovedInDjango30Warning: obj becomes a mandatory argument.
- if self.opts.auto_created:
- # Auto-created intermediate models don't have their own
- # permissions. The user needs to have the change permission for the
- # related model in order to be able to do anything with the
- # intermediate model.
- return self._has_any_perms_for_target_model(request, ['change'])
- return super().has_add_permission(request)
-
- def has_change_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission().
- return self._has_any_perms_for_target_model(request, ['change'])
- return super().has_change_permission(request)
-
- def has_delete_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission().
- return self._has_any_perms_for_target_model(request, ['change'])
- return super().has_delete_permission(request, obj)
-
- def has_view_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission(). The 'change' permission
- # also implies the 'view' permission.
- return self._has_any_perms_for_target_model(request, ['view', 'change'])
- return super().has_view_permission(request)
-
-
- class StackedInline(InlineModelAdmin):
- template = 'admin/edit_inline/stacked.html'
-
-
- class TabularInline(InlineModelAdmin):
- template = 'admin/edit_inline/tabular.html'
|