|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606 |
- import re
- from functools import update_wrapper
- from weakref import WeakSet
-
- from django.apps import apps
- from django.conf import settings
- from django.contrib.admin import ModelAdmin, actions
- from django.contrib.admin.views.autocomplete import AutocompleteJsonView
- from django.contrib.auth import REDIRECT_FIELD_NAME
- from django.core.exceptions import ImproperlyConfigured
- from django.db.models.base import ModelBase
- from django.http import Http404, HttpResponsePermanentRedirect, HttpResponseRedirect
- from django.template.response import TemplateResponse
- from django.urls import NoReverseMatch, Resolver404, resolve, reverse
- from django.utils.decorators import method_decorator
- from django.utils.functional import LazyObject
- from django.utils.module_loading import import_string
- from django.utils.text import capfirst
- from django.utils.translation import gettext as _
- from django.utils.translation import gettext_lazy
- from django.views.decorators.cache import never_cache
- from django.views.decorators.common import no_append_slash
- from django.views.decorators.csrf import csrf_protect
- from django.views.i18n import JavaScriptCatalog
-
- all_sites = WeakSet()
-
-
- class AlreadyRegistered(Exception):
- pass
-
-
- class NotRegistered(Exception):
- pass
-
-
- class AdminSite:
- """
- An AdminSite object encapsulates an instance of the Django admin application, ready
- to be hooked in to your URLconf. Models are registered with the AdminSite using the
- register() method, and the get_urls() method can then be used to access Django view
- functions that present a full admin interface for the collection of registered
- models.
- """
-
- # Text to put at the end of each page's <title>.
- site_title = gettext_lazy("Django site admin")
-
- # Text to put in each page's <h1>.
- site_header = gettext_lazy("Django administration")
-
- # Text to put at the top of the admin index page.
- index_title = gettext_lazy("Site administration")
-
- # URL for the "View site" link at the top of each admin page.
- site_url = "/"
-
- enable_nav_sidebar = True
-
- empty_value_display = "-"
-
- login_form = None
- index_template = None
- app_index_template = None
- login_template = None
- logout_template = None
- password_change_template = None
- password_change_done_template = None
-
- final_catch_all_view = True
-
- def __init__(self, name="admin"):
- self._registry = {} # model_class class -> admin_class instance
- self.name = name
- self._actions = {"delete_selected": actions.delete_selected}
- self._global_actions = self._actions.copy()
- all_sites.add(self)
-
- def __repr__(self):
- return f"{self.__class__.__name__}(name={self.name!r})"
-
- def check(self, app_configs):
- """
- Run the system checks on all ModelAdmins, except if they aren't
- customized at all.
- """
- if app_configs is None:
- app_configs = apps.get_app_configs()
- app_configs = set(app_configs) # Speed up lookups below
-
- errors = []
- modeladmins = (
- o for o in self._registry.values() if o.__class__ is not ModelAdmin
- )
- for modeladmin in modeladmins:
- if modeladmin.model._meta.app_config in app_configs:
- errors.extend(modeladmin.check())
- return errors
-
- def register(self, model_or_iterable, admin_class=None, **options):
- """
- Register the given model(s) with the given admin class.
-
- The model(s) should be Model classes, not instances.
-
- If an admin class isn't given, use ModelAdmin (the default admin
- options). If keyword arguments are given -- e.g., list_display --
- apply them as options to the admin class.
-
- If a model is already registered, raise AlreadyRegistered.
-
- If a model is abstract, raise ImproperlyConfigured.
- """
- admin_class = admin_class or ModelAdmin
- if isinstance(model_or_iterable, ModelBase):
- model_or_iterable = [model_or_iterable]
- for model in model_or_iterable:
- if model._meta.abstract:
- raise ImproperlyConfigured(
- "The model %s is abstract, so it cannot be registered with admin."
- % model.__name__
- )
-
- if model in self._registry:
- registered_admin = str(self._registry[model])
- msg = "The model %s is already registered " % model.__name__
- if registered_admin.endswith(".ModelAdmin"):
- # Most likely registered without a ModelAdmin subclass.
- msg += "in app %r." % re.sub(r"\.ModelAdmin$", "", registered_admin)
- else:
- msg += "with %r." % registered_admin
- raise AlreadyRegistered(msg)
-
- # Ignore the registration if the model has been
- # swapped out.
- if not model._meta.swapped:
- # If we got **options then dynamically construct a subclass of
- # admin_class with those **options.
- if options:
- # For reasons I don't quite understand, without a __module__
- # the created class appears to "live" in the wrong place,
- # which causes issues later on.
- options["__module__"] = __name__
- admin_class = type(
- "%sAdmin" % model.__name__, (admin_class,), options
- )
-
- # Instantiate the admin class to save in the registry
- self._registry[model] = admin_class(model, self)
-
- def unregister(self, model_or_iterable):
- """
- Unregister the given model(s).
-
- If a model isn't already registered, raise NotRegistered.
- """
- if isinstance(model_or_iterable, ModelBase):
- model_or_iterable = [model_or_iterable]
- for model in model_or_iterable:
- if model not in self._registry:
- raise NotRegistered("The model %s is not registered" % model.__name__)
- del self._registry[model]
-
- def is_registered(self, model):
- """
- Check if a model class is registered with this `AdminSite`.
- """
- return model in self._registry
-
- def add_action(self, action, name=None):
- """
- Register an action to be available globally.
- """
- name = name or action.__name__
- self._actions[name] = action
- self._global_actions[name] = action
-
- def disable_action(self, name):
- """
- Disable a globally-registered action. Raise KeyError for invalid names.
- """
- del self._actions[name]
-
- def get_action(self, name):
- """
- Explicitly get a registered global action whether it's enabled or
- not. Raise KeyError for invalid names.
- """
- return self._global_actions[name]
-
- @property
- def actions(self):
- """
- Get all the enabled actions as an iterable of (name, func).
- """
- return self._actions.items()
-
- def has_permission(self, request):
- """
- Return True if the given HttpRequest has permission to view
- *at least one* page in the admin site.
- """
- return request.user.is_active and request.user.is_staff
-
- def admin_view(self, view, cacheable=False):
- """
- Decorator to create an admin view attached to this ``AdminSite``. This
- wraps the view and provides permission checking by calling
- ``self.has_permission``.
-
- You'll want to use this from within ``AdminSite.get_urls()``:
-
- class MyAdminSite(AdminSite):
-
- def get_urls(self):
- from django.urls import path
-
- urls = super().get_urls()
- urls += [
- path('my_view/', self.admin_view(some_view))
- ]
- return urls
-
- By default, admin_views are marked non-cacheable using the
- ``never_cache`` decorator. If the view can be safely cached, set
- cacheable=True.
- """
-
- def inner(request, *args, **kwargs):
- if not self.has_permission(request):
- if request.path == reverse("admin:logout", current_app=self.name):
- index_path = reverse("admin:index", current_app=self.name)
- return HttpResponseRedirect(index_path)
- # Inner import to prevent django.contrib.admin (app) from
- # importing django.contrib.auth.models.User (unrelated model).
- from django.contrib.auth.views import redirect_to_login
-
- return redirect_to_login(
- request.get_full_path(),
- reverse("admin:login", current_app=self.name),
- )
- return view(request, *args, **kwargs)
-
- if not cacheable:
- inner = never_cache(inner)
- # We add csrf_protect here so this function can be used as a utility
- # function for any view, without having to repeat 'csrf_protect'.
- if not getattr(view, "csrf_exempt", False):
- inner = csrf_protect(inner)
- return update_wrapper(inner, view)
-
- def get_urls(self):
- # Since this module gets imported in the application's root package,
- # it cannot import models from other applications at the module level,
- # and django.contrib.contenttypes.views imports ContentType.
- from django.contrib.contenttypes import views as contenttype_views
- from django.urls import include, path, re_path
-
- def wrap(view, cacheable=False):
- def wrapper(*args, **kwargs):
- return self.admin_view(view, cacheable)(*args, **kwargs)
-
- wrapper.admin_site = self
- return update_wrapper(wrapper, view)
-
- # Admin-site-wide views.
- urlpatterns = [
- path("", wrap(self.index), name="index"),
- path("login/", self.login, name="login"),
- path("logout/", wrap(self.logout), name="logout"),
- path(
- "password_change/",
- wrap(self.password_change, cacheable=True),
- name="password_change",
- ),
- path(
- "password_change/done/",
- wrap(self.password_change_done, cacheable=True),
- name="password_change_done",
- ),
- path("autocomplete/", wrap(self.autocomplete_view), name="autocomplete"),
- path("jsi18n/", wrap(self.i18n_javascript, cacheable=True), name="jsi18n"),
- path(
- "r/<int:content_type_id>/<path:object_id>/",
- wrap(contenttype_views.shortcut),
- name="view_on_site",
- ),
- ]
-
- # Add in each model's views, and create a list of valid URLS for the
- # app_index
- valid_app_labels = []
- for model, model_admin in self._registry.items():
- urlpatterns += [
- path(
- "%s/%s/" % (model._meta.app_label, model._meta.model_name),
- include(model_admin.urls),
- ),
- ]
- if model._meta.app_label not in valid_app_labels:
- valid_app_labels.append(model._meta.app_label)
-
- # If there were ModelAdmins registered, we should have a list of app
- # labels for which we need to allow access to the app_index view,
- if valid_app_labels:
- regex = r"^(?P<app_label>" + "|".join(valid_app_labels) + ")/$"
- urlpatterns += [
- re_path(regex, wrap(self.app_index), name="app_list"),
- ]
-
- if self.final_catch_all_view:
- urlpatterns.append(re_path(r"(?P<url>.*)$", wrap(self.catch_all_view)))
-
- return urlpatterns
-
- @property
- def urls(self):
- return self.get_urls(), "admin", self.name
-
- def each_context(self, request):
- """
- Return a dictionary of variables to put in the template context for
- *every* page in the admin site.
-
- For sites running on a subpath, use the SCRIPT_NAME value if site_url
- hasn't been customized.
- """
- script_name = request.META["SCRIPT_NAME"]
- site_url = (
- script_name if self.site_url == "/" and script_name else self.site_url
- )
- return {
- "site_title": self.site_title,
- "site_header": self.site_header,
- "site_url": site_url,
- "has_permission": self.has_permission(request),
- "available_apps": self.get_app_list(request),
- "is_popup": False,
- "is_nav_sidebar_enabled": self.enable_nav_sidebar,
- }
-
- def password_change(self, request, extra_context=None):
- """
- Handle the "change password" task -- both form display and validation.
- """
- from django.contrib.admin.forms import AdminPasswordChangeForm
- from django.contrib.auth.views import PasswordChangeView
-
- url = reverse("admin:password_change_done", current_app=self.name)
- defaults = {
- "form_class": AdminPasswordChangeForm,
- "success_url": url,
- "extra_context": {**self.each_context(request), **(extra_context or {})},
- }
- if self.password_change_template is not None:
- defaults["template_name"] = self.password_change_template
- request.current_app = self.name
- return PasswordChangeView.as_view(**defaults)(request)
-
- def password_change_done(self, request, extra_context=None):
- """
- Display the "success" page after a password change.
- """
- from django.contrib.auth.views import PasswordChangeDoneView
-
- defaults = {
- "extra_context": {**self.each_context(request), **(extra_context or {})},
- }
- if self.password_change_done_template is not None:
- defaults["template_name"] = self.password_change_done_template
- request.current_app = self.name
- return PasswordChangeDoneView.as_view(**defaults)(request)
-
- def i18n_javascript(self, request, extra_context=None):
- """
- Display the i18n JavaScript that the Django admin requires.
-
- `extra_context` is unused but present for consistency with the other
- admin views.
- """
- return JavaScriptCatalog.as_view(packages=["django.contrib.admin"])(request)
-
- def logout(self, request, extra_context=None):
- """
- Log out the user for the given HttpRequest.
-
- This should *not* assume the user is already logged in.
- """
- from django.contrib.auth.views import LogoutView
-
- defaults = {
- "extra_context": {
- **self.each_context(request),
- # Since the user isn't logged out at this point, the value of
- # has_permission must be overridden.
- "has_permission": False,
- **(extra_context or {}),
- },
- }
- if self.logout_template is not None:
- defaults["template_name"] = self.logout_template
- request.current_app = self.name
- return LogoutView.as_view(**defaults)(request)
-
- @method_decorator(never_cache)
- def login(self, request, extra_context=None):
- """
- Display the login form for the given HttpRequest.
- """
- if request.method == "GET" and self.has_permission(request):
- # Already logged-in, redirect to admin index
- index_path = reverse("admin:index", current_app=self.name)
- return HttpResponseRedirect(index_path)
-
- # Since this module gets imported in the application's root package,
- # it cannot import models from other applications at the module level,
- # and django.contrib.admin.forms eventually imports User.
- from django.contrib.admin.forms import AdminAuthenticationForm
- from django.contrib.auth.views import LoginView
-
- context = {
- **self.each_context(request),
- "title": _("Log in"),
- "subtitle": None,
- "app_path": request.get_full_path(),
- "username": request.user.get_username(),
- }
- if (
- REDIRECT_FIELD_NAME not in request.GET
- and REDIRECT_FIELD_NAME not in request.POST
- ):
- context[REDIRECT_FIELD_NAME] = reverse("admin:index", current_app=self.name)
- context.update(extra_context or {})
-
- defaults = {
- "extra_context": context,
- "authentication_form": self.login_form or AdminAuthenticationForm,
- "template_name": self.login_template or "admin/login.html",
- }
- request.current_app = self.name
- return LoginView.as_view(**defaults)(request)
-
- def autocomplete_view(self, request):
- return AutocompleteJsonView.as_view(admin_site=self)(request)
-
- @no_append_slash
- def catch_all_view(self, request, url):
- if settings.APPEND_SLASH and not url.endswith("/"):
- urlconf = getattr(request, "urlconf", None)
- try:
- match = resolve("%s/" % request.path_info, urlconf)
- except Resolver404:
- pass
- else:
- if getattr(match.func, "should_append_slash", True):
- return HttpResponsePermanentRedirect("%s/" % request.path)
- raise Http404
-
- def _build_app_dict(self, request, label=None):
- """
- Build the app dictionary. The optional `label` parameter filters models
- of a specific app.
- """
- app_dict = {}
-
- if label:
- models = {
- m: m_a
- for m, m_a in self._registry.items()
- if m._meta.app_label == label
- }
- else:
- models = self._registry
-
- for model, model_admin in models.items():
- app_label = model._meta.app_label
-
- has_module_perms = model_admin.has_module_permission(request)
- if not has_module_perms:
- continue
-
- perms = model_admin.get_model_perms(request)
-
- # Check whether user has any perm for this module.
- # If so, add the module to the model_list.
- if True not in perms.values():
- continue
-
- info = (app_label, model._meta.model_name)
- model_dict = {
- "model": model,
- "name": capfirst(model._meta.verbose_name_plural),
- "object_name": model._meta.object_name,
- "perms": perms,
- "admin_url": None,
- "add_url": None,
- }
- if perms.get("change") or perms.get("view"):
- model_dict["view_only"] = not perms.get("change")
- try:
- model_dict["admin_url"] = reverse(
- "admin:%s_%s_changelist" % info, current_app=self.name
- )
- except NoReverseMatch:
- pass
- if perms.get("add"):
- try:
- model_dict["add_url"] = reverse(
- "admin:%s_%s_add" % info, current_app=self.name
- )
- except NoReverseMatch:
- pass
-
- if app_label in app_dict:
- app_dict[app_label]["models"].append(model_dict)
- else:
- app_dict[app_label] = {
- "name": apps.get_app_config(app_label).verbose_name,
- "app_label": app_label,
- "app_url": reverse(
- "admin:app_list",
- kwargs={"app_label": app_label},
- current_app=self.name,
- ),
- "has_module_perms": has_module_perms,
- "models": [model_dict],
- }
-
- return app_dict
-
- def get_app_list(self, request, app_label=None):
- """
- Return a sorted list of all the installed apps that have been
- registered in this site.
- """
- app_dict = self._build_app_dict(request, app_label)
-
- # Sort the apps alphabetically.
- app_list = sorted(app_dict.values(), key=lambda x: x["name"].lower())
-
- # Sort the models alphabetically within each app.
- for app in app_list:
- app["models"].sort(key=lambda x: x["name"])
-
- return app_list
-
- def index(self, request, extra_context=None):
- """
- Display the main admin index page, which lists all of the installed
- apps that have been registered in this site.
- """
- app_list = self.get_app_list(request)
-
- context = {
- **self.each_context(request),
- "title": self.index_title,
- "subtitle": None,
- "app_list": app_list,
- **(extra_context or {}),
- }
-
- request.current_app = self.name
-
- return TemplateResponse(
- request, self.index_template or "admin/index.html", context
- )
-
- def app_index(self, request, app_label, extra_context=None):
- app_list = self.get_app_list(request, app_label)
-
- if not app_list:
- raise Http404("The requested admin page does not exist.")
-
- context = {
- **self.each_context(request),
- "title": _("%(app)s administration") % {"app": app_list[0]["name"]},
- "subtitle": None,
- "app_list": app_list,
- "app_label": app_label,
- **(extra_context or {}),
- }
-
- request.current_app = self.name
-
- return TemplateResponse(
- request,
- self.app_index_template
- or ["admin/%s/app_index.html" % app_label, "admin/app_index.html"],
- context,
- )
-
-
- class DefaultAdminSite(LazyObject):
- def _setup(self):
- AdminSiteClass = import_string(apps.get_app_config("admin").default_site)
- self._wrapped = AdminSiteClass()
-
- def __repr__(self):
- return repr(self._wrapped)
-
-
- # This global object represents the default admin site, for the common case.
- # You can provide your own AdminSite using the (Simple)AdminConfig.default_site
- # attribute. You can also instantiate AdminSite in your own code to create a
- # custom admin site.
- site = DefaultAdminSite()
|