12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507 |
- import copy
- import json
- import re
- from functools import partial, update_wrapper
- from urllib.parse import quote as urlquote
-
- from django import forms
- from django.conf import settings
- from django.contrib import messages
- from django.contrib.admin import helpers, widgets
- from django.contrib.admin.checks import (
- BaseModelAdminChecks,
- InlineModelAdminChecks,
- ModelAdminChecks,
- )
- from django.contrib.admin.decorators import display
- from django.contrib.admin.exceptions import DisallowedModelAdminToField
- from django.contrib.admin.templatetags.admin_urls import add_preserved_filters
- from django.contrib.admin.utils import (
- NestedObjects,
- construct_change_message,
- flatten_fieldsets,
- get_deleted_objects,
- lookup_spawns_duplicates,
- model_format_dict,
- model_ngettext,
- quote,
- unquote,
- )
- from django.contrib.admin.widgets import AutocompleteSelect, AutocompleteSelectMultiple
- from django.contrib.auth import get_permission_codename
- from django.core.exceptions import (
- FieldDoesNotExist,
- FieldError,
- PermissionDenied,
- ValidationError,
- )
- from django.core.paginator import Paginator
- from django.db import models, router, transaction
- from django.db.models.constants import LOOKUP_SEP
- from django.forms.formsets import DELETION_FIELD_NAME, all_valid
- from django.forms.models import (
- BaseInlineFormSet,
- inlineformset_factory,
- modelform_defines_fields,
- modelform_factory,
- modelformset_factory,
- )
- from django.forms.widgets import CheckboxSelectMultiple, SelectMultiple
- from django.http import HttpResponseRedirect
- from django.http.response import HttpResponseBase
- from django.template.response import SimpleTemplateResponse, TemplateResponse
- from django.urls import reverse
- from django.utils.decorators import method_decorator
- from django.utils.html import format_html
- from django.utils.http import urlencode
- from django.utils.safestring import mark_safe
- from django.utils.text import (
- capfirst,
- format_lazy,
- get_text_list,
- smart_split,
- unescape_string_literal,
- )
- from django.utils.translation import gettext as _
- from django.utils.translation import ngettext
- from django.views.decorators.csrf import csrf_protect
- from django.views.generic import RedirectView
-
- IS_POPUP_VAR = "_popup"
- TO_FIELD_VAR = "_to_field"
-
-
- HORIZONTAL, VERTICAL = 1, 2
-
-
- def get_content_type_for_model(obj):
- # Since this module gets imported in the application's root package,
- # it cannot import models from other applications at the module level.
- from django.contrib.contenttypes.models import ContentType
-
- return ContentType.objects.get_for_model(obj, for_concrete_model=False)
-
-
- def get_ul_class(radio_style):
- return "radiolist" if radio_style == VERTICAL else "radiolist inline"
-
-
- class IncorrectLookupParameters(Exception):
- pass
-
-
- # Defaults for formfield_overrides. ModelAdmin subclasses can change this
- # by adding to ModelAdmin.formfield_overrides.
-
- FORMFIELD_FOR_DBFIELD_DEFAULTS = {
- models.DateTimeField: {
- "form_class": forms.SplitDateTimeField,
- "widget": widgets.AdminSplitDateTime,
- },
- models.DateField: {"widget": widgets.AdminDateWidget},
- models.TimeField: {"widget": widgets.AdminTimeWidget},
- models.TextField: {"widget": widgets.AdminTextareaWidget},
- models.URLField: {"widget": widgets.AdminURLFieldWidget},
- models.IntegerField: {"widget": widgets.AdminIntegerFieldWidget},
- models.BigIntegerField: {"widget": widgets.AdminBigIntegerFieldWidget},
- models.CharField: {"widget": widgets.AdminTextInputWidget},
- models.ImageField: {"widget": widgets.AdminFileWidget},
- models.FileField: {"widget": widgets.AdminFileWidget},
- models.EmailField: {"widget": widgets.AdminEmailInputWidget},
- models.UUIDField: {"widget": widgets.AdminUUIDInputWidget},
- }
-
- csrf_protect_m = method_decorator(csrf_protect)
-
-
- class BaseModelAdmin(metaclass=forms.MediaDefiningClass):
- """Functionality common to both ModelAdmin and InlineAdmin."""
-
- autocomplete_fields = ()
- raw_id_fields = ()
- fields = None
- exclude = None
- fieldsets = None
- form = forms.ModelForm
- filter_vertical = ()
- filter_horizontal = ()
- radio_fields = {}
- prepopulated_fields = {}
- formfield_overrides = {}
- readonly_fields = ()
- ordering = None
- sortable_by = None
- view_on_site = True
- show_full_result_count = True
- checks_class = BaseModelAdminChecks
-
- def check(self, **kwargs):
- return self.checks_class().check(self, **kwargs)
-
- def __init__(self):
- # Merge FORMFIELD_FOR_DBFIELD_DEFAULTS with the formfield_overrides
- # rather than simply overwriting.
- overrides = copy.deepcopy(FORMFIELD_FOR_DBFIELD_DEFAULTS)
- for k, v in self.formfield_overrides.items():
- overrides.setdefault(k, {}).update(v)
- self.formfield_overrides = overrides
-
- def formfield_for_dbfield(self, db_field, request, **kwargs):
- """
- Hook for specifying the form Field instance for a given database Field
- instance.
-
- If kwargs are given, they're passed to the form Field's constructor.
- """
- # If the field specifies choices, we don't need to look for special
- # admin widgets - we just need to use a select widget of some kind.
- if db_field.choices:
- return self.formfield_for_choice_field(db_field, request, **kwargs)
-
- # ForeignKey or ManyToManyFields
- if isinstance(db_field, (models.ForeignKey, models.ManyToManyField)):
- # Combine the field kwargs with any options for formfield_overrides.
- # Make sure the passed in **kwargs override anything in
- # formfield_overrides because **kwargs is more specific, and should
- # always win.
- if db_field.__class__ in self.formfield_overrides:
- kwargs = {**self.formfield_overrides[db_field.__class__], **kwargs}
-
- # Get the correct formfield.
- if isinstance(db_field, models.ForeignKey):
- formfield = self.formfield_for_foreignkey(db_field, request, **kwargs)
- elif isinstance(db_field, models.ManyToManyField):
- formfield = self.formfield_for_manytomany(db_field, request, **kwargs)
-
- # For non-raw_id fields, wrap the widget with a wrapper that adds
- # extra HTML -- the "add other" interface -- to the end of the
- # rendered output. formfield can be None if it came from a
- # OneToOneField with parent_link=True or a M2M intermediary.
- if formfield and db_field.name not in self.raw_id_fields:
- related_modeladmin = self.admin_site._registry.get(
- db_field.remote_field.model
- )
- wrapper_kwargs = {}
- if related_modeladmin:
- wrapper_kwargs.update(
- can_add_related=related_modeladmin.has_add_permission(request),
- can_change_related=related_modeladmin.has_change_permission(
- request
- ),
- can_delete_related=related_modeladmin.has_delete_permission(
- request
- ),
- can_view_related=related_modeladmin.has_view_permission(
- request
- ),
- )
- formfield.widget = widgets.RelatedFieldWidgetWrapper(
- formfield.widget,
- db_field.remote_field,
- self.admin_site,
- **wrapper_kwargs,
- )
-
- return formfield
-
- # If we've got overrides for the formfield defined, use 'em. **kwargs
- # passed to formfield_for_dbfield override the defaults.
- for klass in db_field.__class__.mro():
- if klass in self.formfield_overrides:
- kwargs = {**copy.deepcopy(self.formfield_overrides[klass]), **kwargs}
- return db_field.formfield(**kwargs)
-
- # For any other type of field, just call its formfield() method.
- return db_field.formfield(**kwargs)
-
- def formfield_for_choice_field(self, db_field, request, **kwargs):
- """
- Get a form Field for a database Field that has declared choices.
- """
- # If the field is named as a radio_field, use a RadioSelect
- if db_field.name in self.radio_fields:
- # Avoid stomping on custom widget/choices arguments.
- if "widget" not in kwargs:
- kwargs["widget"] = widgets.AdminRadioSelect(
- attrs={
- "class": get_ul_class(self.radio_fields[db_field.name]),
- }
- )
- if "choices" not in kwargs:
- kwargs["choices"] = db_field.get_choices(
- include_blank=db_field.blank, blank_choice=[("", _("None"))]
- )
- return db_field.formfield(**kwargs)
-
- def get_field_queryset(self, db, db_field, request):
- """
- If the ModelAdmin specifies ordering, the queryset should respect that
- ordering. Otherwise don't specify the queryset, let the field decide
- (return None in that case).
- """
- related_admin = self.admin_site._registry.get(db_field.remote_field.model)
- if related_admin is not None:
- ordering = related_admin.get_ordering(request)
- if ordering is not None and ordering != ():
- return db_field.remote_field.model._default_manager.using(db).order_by(
- *ordering
- )
- return None
-
- def formfield_for_foreignkey(self, db_field, request, **kwargs):
- """
- Get a form Field for a ForeignKey.
- """
- db = kwargs.get("using")
-
- if "widget" not in kwargs:
- if db_field.name in self.get_autocomplete_fields(request):
- kwargs["widget"] = AutocompleteSelect(
- db_field, self.admin_site, using=db
- )
- elif db_field.name in self.raw_id_fields:
- kwargs["widget"] = widgets.ForeignKeyRawIdWidget(
- db_field.remote_field, self.admin_site, using=db
- )
- elif db_field.name in self.radio_fields:
- kwargs["widget"] = widgets.AdminRadioSelect(
- attrs={
- "class": get_ul_class(self.radio_fields[db_field.name]),
- }
- )
- kwargs["empty_label"] = (
- kwargs.get("empty_label", _("None")) if db_field.blank else None
- )
-
- if "queryset" not in kwargs:
- queryset = self.get_field_queryset(db, db_field, request)
- if queryset is not None:
- kwargs["queryset"] = queryset
-
- return db_field.formfield(**kwargs)
-
- def formfield_for_manytomany(self, db_field, request, **kwargs):
- """
- Get a form Field for a ManyToManyField.
- """
- # If it uses an intermediary model that isn't auto created, don't show
- # a field in admin.
- if not db_field.remote_field.through._meta.auto_created:
- return None
- db = kwargs.get("using")
-
- if "widget" not in kwargs:
- autocomplete_fields = self.get_autocomplete_fields(request)
- if db_field.name in autocomplete_fields:
- kwargs["widget"] = AutocompleteSelectMultiple(
- db_field,
- self.admin_site,
- using=db,
- )
- elif db_field.name in self.raw_id_fields:
- kwargs["widget"] = widgets.ManyToManyRawIdWidget(
- db_field.remote_field,
- self.admin_site,
- using=db,
- )
- elif db_field.name in [*self.filter_vertical, *self.filter_horizontal]:
- kwargs["widget"] = widgets.FilteredSelectMultiple(
- db_field.verbose_name, db_field.name in self.filter_vertical
- )
- if "queryset" not in kwargs:
- queryset = self.get_field_queryset(db, db_field, request)
- if queryset is not None:
- kwargs["queryset"] = queryset
-
- form_field = db_field.formfield(**kwargs)
- if isinstance(form_field.widget, SelectMultiple) and not isinstance(
- form_field.widget, (CheckboxSelectMultiple, AutocompleteSelectMultiple)
- ):
- msg = _(
- "Hold down “Control”, or “Command” on a Mac, to select more than one."
- )
- help_text = form_field.help_text
- form_field.help_text = (
- format_lazy("{} {}", help_text, msg) if help_text else msg
- )
- return form_field
-
- def get_autocomplete_fields(self, request):
- """
- Return a list of ForeignKey and/or ManyToMany fields which should use
- an autocomplete widget.
- """
- return self.autocomplete_fields
-
- def get_view_on_site_url(self, obj=None):
- if obj is None or not self.view_on_site:
- return None
-
- if callable(self.view_on_site):
- return self.view_on_site(obj)
- elif hasattr(obj, "get_absolute_url"):
- # use the ContentType lookup if view_on_site is True
- return reverse(
- "admin:view_on_site",
- kwargs={
- "content_type_id": get_content_type_for_model(obj).pk,
- "object_id": obj.pk,
- },
- current_app=self.admin_site.name,
- )
-
- def get_empty_value_display(self):
- """
- Return the empty_value_display set on ModelAdmin or AdminSite.
- """
- try:
- return mark_safe(self.empty_value_display)
- except AttributeError:
- return mark_safe(self.admin_site.empty_value_display)
-
- def get_exclude(self, request, obj=None):
- """
- Hook for specifying exclude.
- """
- return self.exclude
-
- def get_fields(self, request, obj=None):
- """
- Hook for specifying fields.
- """
- if self.fields:
- return self.fields
- # _get_form_for_get_fields() is implemented in subclasses.
- form = self._get_form_for_get_fields(request, obj)
- return [*form.base_fields, *self.get_readonly_fields(request, obj)]
-
- def get_fieldsets(self, request, obj=None):
- """
- Hook for specifying fieldsets.
- """
- if self.fieldsets:
- return self.fieldsets
- return [(None, {"fields": self.get_fields(request, obj)})]
-
- def get_inlines(self, request, obj):
- """Hook for specifying custom inlines."""
- return self.inlines
-
- def get_ordering(self, request):
- """
- Hook for specifying field ordering.
- """
- return self.ordering or () # otherwise we might try to *None, which is bad ;)
-
- def get_readonly_fields(self, request, obj=None):
- """
- Hook for specifying custom readonly fields.
- """
- return self.readonly_fields
-
- def get_prepopulated_fields(self, request, obj=None):
- """
- Hook for specifying custom prepopulated fields.
- """
- return self.prepopulated_fields
-
- def get_queryset(self, request):
- """
- Return a QuerySet of all model instances that can be edited by the
- admin site. This is used by changelist_view.
- """
- qs = self.model._default_manager.get_queryset()
- # TODO: this should be handled by some parameter to the ChangeList.
- ordering = self.get_ordering(request)
- if ordering:
- qs = qs.order_by(*ordering)
- return qs
-
- def get_sortable_by(self, request):
- """Hook for specifying which fields can be sorted in the changelist."""
- return (
- self.sortable_by
- if self.sortable_by is not None
- else self.get_list_display(request)
- )
-
- def lookup_allowed(self, lookup, value):
- from django.contrib.admin.filters import SimpleListFilter
-
- model = self.model
- # Check FKey lookups that are allowed, so that popups produced by
- # ForeignKeyRawIdWidget, on the basis of ForeignKey.limit_choices_to,
- # are allowed to work.
- for fk_lookup in model._meta.related_fkey_lookups:
- # As ``limit_choices_to`` can be a callable, invoke it here.
- if callable(fk_lookup):
- fk_lookup = fk_lookup()
- if (lookup, value) in widgets.url_params_from_lookup_dict(
- fk_lookup
- ).items():
- return True
-
- relation_parts = []
- prev_field = None
- for part in lookup.split(LOOKUP_SEP):
- try:
- field = model._meta.get_field(part)
- except FieldDoesNotExist:
- # Lookups on nonexistent fields are ok, since they're ignored
- # later.
- break
- # It is allowed to filter on values that would be found from local
- # model anyways. For example, if you filter on employee__department__id,
- # then the id value would be found already from employee__department_id.
- if not prev_field or (
- prev_field.is_relation
- and field not in prev_field.path_infos[-1].target_fields
- ):
- relation_parts.append(part)
- if not getattr(field, "path_infos", None):
- # This is not a relational field, so further parts
- # must be transforms.
- break
- prev_field = field
- model = field.path_infos[-1].to_opts.model
-
- if len(relation_parts) <= 1:
- # Either a local field filter, or no fields at all.
- return True
- valid_lookups = {self.date_hierarchy}
- for filter_item in self.list_filter:
- if isinstance(filter_item, type) and issubclass(
- filter_item, SimpleListFilter
- ):
- valid_lookups.add(filter_item.parameter_name)
- elif isinstance(filter_item, (list, tuple)):
- valid_lookups.add(filter_item[0])
- else:
- valid_lookups.add(filter_item)
-
- # Is it a valid relational lookup?
- return not {
- LOOKUP_SEP.join(relation_parts),
- LOOKUP_SEP.join(relation_parts + [part]),
- }.isdisjoint(valid_lookups)
-
- def to_field_allowed(self, request, to_field):
- """
- Return True if the model associated with this admin should be
- allowed to be referenced by the specified field.
- """
- opts = self.model._meta
-
- try:
- field = opts.get_field(to_field)
- except FieldDoesNotExist:
- return False
-
- # Always allow referencing the primary key since it's already possible
- # to get this information from the change view URL.
- if field.primary_key:
- return True
-
- # Allow reverse relationships to models defining m2m fields if they
- # target the specified field.
- for many_to_many in opts.many_to_many:
- if many_to_many.m2m_target_field_name() == to_field:
- return True
-
- # Make sure at least one of the models registered for this site
- # references this field through a FK or a M2M relationship.
- registered_models = set()
- for model, admin in self.admin_site._registry.items():
- registered_models.add(model)
- for inline in admin.inlines:
- registered_models.add(inline.model)
-
- related_objects = (
- f
- for f in opts.get_fields(include_hidden=True)
- if (f.auto_created and not f.concrete)
- )
- for related_object in related_objects:
- related_model = related_object.related_model
- remote_field = related_object.field.remote_field
- if (
- any(issubclass(model, related_model) for model in registered_models)
- and hasattr(remote_field, "get_related_field")
- and remote_field.get_related_field() == field
- ):
- return True
-
- return False
-
- def has_add_permission(self, request):
- """
- Return True if the given request has permission to add an object.
- Can be overridden by the user in subclasses.
- """
- opts = self.opts
- codename = get_permission_codename("add", opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_change_permission(self, request, obj=None):
- """
- Return True if the given request has permission to change the given
- Django model instance, the default implementation doesn't examine the
- `obj` parameter.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to change the `obj`
- model instance. If `obj` is None, this should return True if the given
- request has permission to change *any* object of the given type.
- """
- opts = self.opts
- codename = get_permission_codename("change", opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_delete_permission(self, request, obj=None):
- """
- Return True if the given request has permission to change the given
- Django model instance, the default implementation doesn't examine the
- `obj` parameter.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to delete the `obj`
- model instance. If `obj` is None, this should return True if the given
- request has permission to delete *any* object of the given type.
- """
- opts = self.opts
- codename = get_permission_codename("delete", opts)
- return request.user.has_perm("%s.%s" % (opts.app_label, codename))
-
- def has_view_permission(self, request, obj=None):
- """
- Return True if the given request has permission to view the given
- Django model instance. The default implementation doesn't examine the
- `obj` parameter.
-
- If overridden by the user in subclasses, it should return True if the
- given request has permission to view the `obj` model instance. If `obj`
- is None, it should return True if the request has permission to view
- any object of the given type.
- """
- opts = self.opts
- codename_view = get_permission_codename("view", opts)
- codename_change = get_permission_codename("change", opts)
- return request.user.has_perm(
- "%s.%s" % (opts.app_label, codename_view)
- ) or request.user.has_perm("%s.%s" % (opts.app_label, codename_change))
-
- def has_view_or_change_permission(self, request, obj=None):
- return self.has_view_permission(request, obj) or self.has_change_permission(
- request, obj
- )
-
- def has_module_permission(self, request):
- """
- Return True if the given request has any permission in the given
- app label.
-
- Can be overridden by the user in subclasses. In such case it should
- return True if the given request has permission to view the module on
- the admin index page and access the module's index page. Overriding it
- does not restrict access to the add, change or delete views. Use
- `ModelAdmin.has_(add|change|delete)_permission` for that.
- """
- return request.user.has_module_perms(self.opts.app_label)
-
-
- class ModelAdmin(BaseModelAdmin):
- """Encapsulate all admin options and functionality for a given model."""
-
- list_display = ("__str__",)
- list_display_links = ()
- list_filter = ()
- list_select_related = False
- list_per_page = 100
- list_max_show_all = 200
- list_editable = ()
- search_fields = ()
- search_help_text = None
- date_hierarchy = None
- save_as = False
- save_as_continue = True
- save_on_top = False
- paginator = Paginator
- preserve_filters = True
- inlines = ()
-
- # Custom templates (designed to be over-ridden in subclasses)
- add_form_template = None
- change_form_template = None
- change_list_template = None
- delete_confirmation_template = None
- delete_selected_confirmation_template = None
- object_history_template = None
- popup_response_template = None
-
- # Actions
- actions = ()
- action_form = helpers.ActionForm
- actions_on_top = True
- actions_on_bottom = False
- actions_selection_counter = True
- checks_class = ModelAdminChecks
-
- def __init__(self, model, admin_site):
- self.model = model
- self.opts = model._meta
- self.admin_site = admin_site
- super().__init__()
-
- def __str__(self):
- return "%s.%s" % (self.model._meta.app_label, self.__class__.__name__)
-
- def __repr__(self):
- return (
- f"<{self.__class__.__qualname__}: model={self.model.__qualname__} "
- f"site={self.admin_site!r}>"
- )
-
- def get_inline_instances(self, request, obj=None):
- inline_instances = []
- for inline_class in self.get_inlines(request, obj):
- inline = inline_class(self.model, self.admin_site)
- if request:
- if not (
- inline.has_view_or_change_permission(request, obj)
- or inline.has_add_permission(request, obj)
- or inline.has_delete_permission(request, obj)
- ):
- continue
- if not inline.has_add_permission(request, obj):
- inline.max_num = 0
- inline_instances.append(inline)
-
- return inline_instances
-
- def get_urls(self):
- from django.urls import path
-
- def wrap(view):
- def wrapper(*args, **kwargs):
- return self.admin_site.admin_view(view)(*args, **kwargs)
-
- wrapper.model_admin = self
- return update_wrapper(wrapper, view)
-
- info = self.model._meta.app_label, self.model._meta.model_name
-
- return [
- path("", wrap(self.changelist_view), name="%s_%s_changelist" % info),
- path("add/", wrap(self.add_view), name="%s_%s_add" % info),
- path(
- "<path:object_id>/history/",
- wrap(self.history_view),
- name="%s_%s_history" % info,
- ),
- path(
- "<path:object_id>/delete/",
- wrap(self.delete_view),
- name="%s_%s_delete" % info,
- ),
- path(
- "<path:object_id>/change/",
- wrap(self.change_view),
- name="%s_%s_change" % info,
- ),
- # For backwards compatibility (was the change url before 1.9)
- path(
- "<path:object_id>/",
- wrap(
- RedirectView.as_view(
- pattern_name="%s:%s_%s_change"
- % ((self.admin_site.name,) + info)
- )
- ),
- ),
- ]
-
- @property
- def urls(self):
- return self.get_urls()
-
- @property
- def media(self):
- extra = "" if settings.DEBUG else ".min"
- js = [
- "vendor/jquery/jquery%s.js" % extra,
- "jquery.init.js",
- "core.js",
- "admin/RelatedObjectLookups.js",
- "actions.js",
- "urlify.js",
- "prepopulate.js",
- "vendor/xregexp/xregexp%s.js" % extra,
- ]
- return forms.Media(js=["admin/js/%s" % url for url in js])
-
- def get_model_perms(self, request):
- """
- Return a dict of all perms for this model. This dict has the keys
- ``add``, ``change``, ``delete``, and ``view`` mapping to the True/False
- for each of those actions.
- """
- return {
- "add": self.has_add_permission(request),
- "change": self.has_change_permission(request),
- "delete": self.has_delete_permission(request),
- "view": self.has_view_permission(request),
- }
-
- def _get_form_for_get_fields(self, request, obj):
- return self.get_form(request, obj, fields=None)
-
- def get_form(self, request, obj=None, change=False, **kwargs):
- """
- Return a Form class for use in the admin add view. This is used by
- add_view and change_view.
- """
- if "fields" in kwargs:
- fields = kwargs.pop("fields")
- else:
- fields = flatten_fieldsets(self.get_fieldsets(request, obj))
- excluded = self.get_exclude(request, obj)
- exclude = [] if excluded is None else list(excluded)
- readonly_fields = self.get_readonly_fields(request, obj)
- exclude.extend(readonly_fields)
- # Exclude all fields if it's a change form and the user doesn't have
- # the change permission.
- if (
- change
- and hasattr(request, "user")
- and not self.has_change_permission(request, obj)
- ):
- exclude.extend(fields)
- if excluded is None and hasattr(self.form, "_meta") and self.form._meta.exclude:
- # Take the custom ModelForm's Meta.exclude into account only if the
- # ModelAdmin doesn't define its own.
- exclude.extend(self.form._meta.exclude)
- # if exclude is an empty list we pass None to be consistent with the
- # default on modelform_factory
- exclude = exclude or None
-
- # Remove declared form fields which are in readonly_fields.
- new_attrs = dict.fromkeys(
- f for f in readonly_fields if f in self.form.declared_fields
- )
- form = type(self.form.__name__, (self.form,), new_attrs)
-
- defaults = {
- "form": form,
- "fields": fields,
- "exclude": exclude,
- "formfield_callback": partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
-
- if defaults["fields"] is None and not modelform_defines_fields(
- defaults["form"]
- ):
- defaults["fields"] = forms.ALL_FIELDS
-
- try:
- return modelform_factory(self.model, **defaults)
- except FieldError as e:
- raise FieldError(
- "%s. Check fields/fieldsets/exclude attributes of class %s."
- % (e, self.__class__.__name__)
- )
-
- def get_changelist(self, request, **kwargs):
- """
- Return the ChangeList class for use on the changelist page.
- """
- from django.contrib.admin.views.main import ChangeList
-
- return ChangeList
-
- def get_changelist_instance(self, request):
- """
- Return a `ChangeList` instance based on `request`. May raise
- `IncorrectLookupParameters`.
- """
- list_display = self.get_list_display(request)
- list_display_links = self.get_list_display_links(request, list_display)
- # Add the action checkboxes if any actions are available.
- if self.get_actions(request):
- list_display = ["action_checkbox", *list_display]
- sortable_by = self.get_sortable_by(request)
- ChangeList = self.get_changelist(request)
- return ChangeList(
- request,
- self.model,
- list_display,
- list_display_links,
- self.get_list_filter(request),
- self.date_hierarchy,
- self.get_search_fields(request),
- self.get_list_select_related(request),
- self.list_per_page,
- self.list_max_show_all,
- self.list_editable,
- self,
- sortable_by,
- self.search_help_text,
- )
-
- def get_object(self, request, object_id, from_field=None):
- """
- Return an instance matching the field and value provided, the primary
- key is used if no field is provided. Return ``None`` if no match is
- found or the object_id fails validation.
- """
- queryset = self.get_queryset(request)
- model = queryset.model
- field = (
- model._meta.pk if from_field is None else model._meta.get_field(from_field)
- )
- try:
- object_id = field.to_python(object_id)
- return queryset.get(**{field.name: object_id})
- except (model.DoesNotExist, ValidationError, ValueError):
- return None
-
- def get_changelist_form(self, request, **kwargs):
- """
- Return a Form class for use in the Formset on the changelist page.
- """
- defaults = {
- "formfield_callback": partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
- if defaults.get("fields") is None and not modelform_defines_fields(
- defaults.get("form")
- ):
- defaults["fields"] = forms.ALL_FIELDS
-
- return modelform_factory(self.model, **defaults)
-
- def get_changelist_formset(self, request, **kwargs):
- """
- Return a FormSet class for use on the changelist page if list_editable
- is used.
- """
- defaults = {
- "formfield_callback": partial(self.formfield_for_dbfield, request=request),
- **kwargs,
- }
- return modelformset_factory(
- self.model,
- self.get_changelist_form(request),
- extra=0,
- fields=self.list_editable,
- **defaults,
- )
-
- def get_formsets_with_inlines(self, request, obj=None):
- """
- Yield formsets and the corresponding inlines.
- """
- for inline in self.get_inline_instances(request, obj):
- yield inline.get_formset(request, obj), inline
-
- def get_paginator(
- self, request, queryset, per_page, orphans=0, allow_empty_first_page=True
- ):
- return self.paginator(queryset, per_page, orphans, allow_empty_first_page)
-
- def log_addition(self, request, obj, message):
- """
- Log that an object has been successfully added.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import ADDITION, LogEntry
-
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(obj).pk,
- object_id=obj.pk,
- object_repr=str(obj),
- action_flag=ADDITION,
- change_message=message,
- )
-
- def log_change(self, request, obj, message):
- """
- Log that an object has been successfully changed.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import CHANGE, LogEntry
-
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(obj).pk,
- object_id=obj.pk,
- object_repr=str(obj),
- action_flag=CHANGE,
- change_message=message,
- )
-
- def log_deletion(self, request, obj, object_repr):
- """
- Log that an object will be deleted. Note that this method must be
- called before the deletion.
-
- The default implementation creates an admin LogEntry object.
- """
- from django.contrib.admin.models import DELETION, LogEntry
-
- return LogEntry.objects.log_action(
- user_id=request.user.pk,
- content_type_id=get_content_type_for_model(obj).pk,
- object_id=obj.pk,
- object_repr=object_repr,
- action_flag=DELETION,
- )
-
- @display(description=mark_safe('<input type="checkbox" id="action-toggle">'))
- def action_checkbox(self, obj):
- """
- A list_display column containing a checkbox widget.
- """
- return helpers.checkbox.render(helpers.ACTION_CHECKBOX_NAME, str(obj.pk))
-
- @staticmethod
- def _get_action_description(func, name):
- return getattr(func, "short_description", capfirst(name.replace("_", " ")))
-
- def _get_base_actions(self):
- """Return the list of actions, prior to any request-based filtering."""
- actions = []
- base_actions = (self.get_action(action) for action in self.actions or [])
- # get_action might have returned None, so filter any of those out.
- base_actions = [action for action in base_actions if action]
- base_action_names = {name for _, name, _ in base_actions}
-
- # Gather actions from the admin site first
- for name, func in self.admin_site.actions:
- if name in base_action_names:
- continue
- description = self._get_action_description(func, name)
- actions.append((func, name, description))
- # Add actions from this ModelAdmin.
- actions.extend(base_actions)
- return actions
-
- def _filter_actions_by_permissions(self, request, actions):
- """Filter out any actions that the user doesn't have access to."""
- filtered_actions = []
- for action in actions:
- callable = action[0]
- if not hasattr(callable, "allowed_permissions"):
- filtered_actions.append(action)
- continue
- permission_checks = (
- getattr(self, "has_%s_permission" % permission)
- for permission in callable.allowed_permissions
- )
- if any(has_permission(request) for has_permission in permission_checks):
- filtered_actions.append(action)
- return filtered_actions
-
- def get_actions(self, request):
- """
- Return a dictionary mapping the names of all actions for this
- ModelAdmin to a tuple of (callable, name, description) for each action.
- """
- # If self.actions is set to None that means actions are disabled on
- # this page.
- if self.actions is None or IS_POPUP_VAR in request.GET:
- return {}
- actions = self._filter_actions_by_permissions(request, self._get_base_actions())
- return {name: (func, name, desc) for func, name, desc in actions}
-
- def get_action_choices(self, request, default_choices=models.BLANK_CHOICE_DASH):
- """
- Return a list of choices for use in a form object. Each choice is a
- tuple (name, description).
- """
- choices = [] + default_choices
- for func, name, description in self.get_actions(request).values():
- choice = (name, description % model_format_dict(self.opts))
- choices.append(choice)
- return choices
-
- def get_action(self, action):
- """
- Return a given action from a parameter, which can either be a callable,
- or the name of a method on the ModelAdmin. Return is a tuple of
- (callable, name, description).
- """
- # If the action is a callable, just use it.
- if callable(action):
- func = action
- action = action.__name__
-
- # Next, look for a method. Grab it off self.__class__ to get an unbound
- # method instead of a bound one; this ensures that the calling
- # conventions are the same for functions and methods.
- elif hasattr(self.__class__, action):
- func = getattr(self.__class__, action)
-
- # Finally, look for a named method on the admin site
- else:
- try:
- func = self.admin_site.get_action(action)
- except KeyError:
- return None
-
- description = self._get_action_description(func, action)
- return func, action, description
-
- def get_list_display(self, request):
- """
- Return a sequence containing the fields to be displayed on the
- changelist.
- """
- return self.list_display
-
- def get_list_display_links(self, request, list_display):
- """
- Return a sequence containing the fields to be displayed as links
- on the changelist. The list_display parameter is the list of fields
- returned by get_list_display().
- """
- if (
- self.list_display_links
- or self.list_display_links is None
- or not list_display
- ):
- return self.list_display_links
- else:
- # Use only the first item in list_display as link
- return list(list_display)[:1]
-
- def get_list_filter(self, request):
- """
- Return a sequence containing the fields to be displayed as filters in
- the right sidebar of the changelist page.
- """
- return self.list_filter
-
- def get_list_select_related(self, request):
- """
- Return a list of fields to add to the select_related() part of the
- changelist items query.
- """
- return self.list_select_related
-
- def get_search_fields(self, request):
- """
- Return a sequence containing the fields to be searched whenever
- somebody submits a search query.
- """
- return self.search_fields
-
- def get_search_results(self, request, queryset, search_term):
- """
- Return a tuple containing a queryset to implement the search
- and a boolean indicating if the results may contain duplicates.
- """
-
- # Apply keyword searches.
- def construct_search(field_name):
- if field_name.startswith("^"):
- return "%s__istartswith" % field_name[1:]
- elif field_name.startswith("="):
- return "%s__iexact" % field_name[1:]
- elif field_name.startswith("@"):
- return "%s__search" % field_name[1:]
- # Use field_name if it includes a lookup.
- opts = queryset.model._meta
- lookup_fields = field_name.split(LOOKUP_SEP)
- # Go through the fields, following all relations.
- prev_field = None
- for path_part in lookup_fields:
- if path_part == "pk":
- path_part = opts.pk.name
- try:
- field = opts.get_field(path_part)
- except FieldDoesNotExist:
- # Use valid query lookups.
- if prev_field and prev_field.get_lookup(path_part):
- return field_name
- else:
- prev_field = field
- if hasattr(field, "path_infos"):
- # Update opts to follow the relation.
- opts = field.path_infos[-1].to_opts
- # Otherwise, use the field with icontains.
- return "%s__icontains" % field_name
-
- may_have_duplicates = False
- search_fields = self.get_search_fields(request)
- if search_fields and search_term:
- orm_lookups = [
- construct_search(str(search_field)) for search_field in search_fields
- ]
- term_queries = []
- for bit in smart_split(search_term):
- if bit.startswith(('"', "'")) and bit[0] == bit[-1]:
- bit = unescape_string_literal(bit)
- or_queries = models.Q(
- *((orm_lookup, bit) for orm_lookup in orm_lookups),
- _connector=models.Q.OR,
- )
- term_queries.append(or_queries)
- queryset = queryset.filter(models.Q(*term_queries))
- may_have_duplicates |= any(
- lookup_spawns_duplicates(self.opts, search_spec)
- for search_spec in orm_lookups
- )
- return queryset, may_have_duplicates
-
- def get_preserved_filters(self, request):
- """
- Return the preserved filters querystring.
- """
- match = request.resolver_match
- if self.preserve_filters and match:
- opts = self.model._meta
- current_url = "%s:%s" % (match.app_name, match.url_name)
- changelist_url = "admin:%s_%s_changelist" % (
- opts.app_label,
- opts.model_name,
- )
- if current_url == changelist_url:
- preserved_filters = request.GET.urlencode()
- else:
- preserved_filters = request.GET.get("_changelist_filters")
-
- if preserved_filters:
- return urlencode({"_changelist_filters": preserved_filters})
- return ""
-
- def construct_change_message(self, request, form, formsets, add=False):
- """
- Construct a JSON structure describing changes from a changed object.
- """
- return construct_change_message(form, formsets, add)
-
- def message_user(
- self, request, message, level=messages.INFO, extra_tags="", fail_silently=False
- ):
- """
- Send a message to the user. The default implementation
- posts a message using the django.contrib.messages backend.
-
- Exposes almost the same API as messages.add_message(), but accepts the
- positional arguments in a different order to maintain backwards
- compatibility. For convenience, it accepts the `level` argument as
- a string rather than the usual level number.
- """
- if not isinstance(level, int):
- # attempt to get the level if passed a string
- try:
- level = getattr(messages.constants, level.upper())
- except AttributeError:
- levels = messages.constants.DEFAULT_TAGS.values()
- levels_repr = ", ".join("`%s`" % level for level in levels)
- raise ValueError(
- "Bad message level string: `%s`. Possible values are: %s"
- % (level, levels_repr)
- )
-
- messages.add_message(
- request, level, message, extra_tags=extra_tags, fail_silently=fail_silently
- )
-
- def save_form(self, request, form, change):
- """
- Given a ModelForm return an unsaved instance. ``change`` is True if
- the object is being changed, and False if it's being added.
- """
- return form.save(commit=False)
-
- def save_model(self, request, obj, form, change):
- """
- Given a model instance save it to the database.
- """
- obj.save()
-
- def delete_model(self, request, obj):
- """
- Given a model instance delete it from the database.
- """
- obj.delete()
-
- def delete_queryset(self, request, queryset):
- """Given a queryset, delete it from the database."""
- queryset.delete()
-
- def save_formset(self, request, form, formset, change):
- """
- Given an inline formset save it to the database.
- """
- formset.save()
-
- def save_related(self, request, form, formsets, change):
- """
- Given the ``HttpRequest``, the parent ``ModelForm`` instance, the
- list of inline formsets and a boolean value based on whether the
- parent is being added or changed, save the related objects to the
- database. Note that at this point save_form() and save_model() have
- already been called.
- """
- form.save_m2m()
- for formset in formsets:
- self.save_formset(request, form, formset, change=change)
-
- def render_change_form(
- self, request, context, add=False, change=False, form_url="", obj=None
- ):
- opts = self.model._meta
- app_label = opts.app_label
- preserved_filters = self.get_preserved_filters(request)
- form_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, form_url
- )
- view_on_site_url = self.get_view_on_site_url(obj)
- has_editable_inline_admin_formsets = False
- for inline in context["inline_admin_formsets"]:
- if (
- inline.has_add_permission
- or inline.has_change_permission
- or inline.has_delete_permission
- ):
- has_editable_inline_admin_formsets = True
- break
- context.update(
- {
- "add": add,
- "change": change,
- "has_view_permission": self.has_view_permission(request, obj),
- "has_add_permission": self.has_add_permission(request),
- "has_change_permission": self.has_change_permission(request, obj),
- "has_delete_permission": self.has_delete_permission(request, obj),
- "has_editable_inline_admin_formsets": (
- has_editable_inline_admin_formsets
- ),
- "has_file_field": context["adminform"].form.is_multipart()
- or any(
- admin_formset.formset.is_multipart()
- for admin_formset in context["inline_admin_formsets"]
- ),
- "has_absolute_url": view_on_site_url is not None,
- "absolute_url": view_on_site_url,
- "form_url": form_url,
- "opts": opts,
- "content_type_id": get_content_type_for_model(self.model).pk,
- "save_as": self.save_as,
- "save_on_top": self.save_on_top,
- "to_field_var": TO_FIELD_VAR,
- "is_popup_var": IS_POPUP_VAR,
- "app_label": app_label,
- }
- )
- if add and self.add_form_template is not None:
- form_template = self.add_form_template
- else:
- form_template = self.change_form_template
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(
- request,
- form_template
- or [
- "admin/%s/%s/change_form.html" % (app_label, opts.model_name),
- "admin/%s/change_form.html" % app_label,
- "admin/change_form.html",
- ],
- context,
- )
-
- def response_add(self, request, obj, post_url_continue=None):
- """
- Determine the HttpResponse for the add_view stage.
- """
- opts = obj._meta
- preserved_filters = self.get_preserved_filters(request)
- obj_url = reverse(
- "admin:%s_%s_change" % (opts.app_label, opts.model_name),
- args=(quote(obj.pk),),
- current_app=self.admin_site.name,
- )
- # Add a link to the object's change form if the user can edit the obj.
- if self.has_change_permission(request, obj):
- obj_repr = format_html('<a href="{}">{}</a>', urlquote(obj_url), obj)
- else:
- obj_repr = str(obj)
- msg_dict = {
- "name": opts.verbose_name,
- "obj": obj_repr,
- }
- # Here, we distinguish between different save types by checking for
- # the presence of keys in request.POST.
-
- if IS_POPUP_VAR in request.POST:
- to_field = request.POST.get(TO_FIELD_VAR)
- if to_field:
- attr = str(to_field)
- else:
- attr = obj._meta.pk.attname
- value = obj.serializable_value(attr)
- popup_response_data = json.dumps(
- {
- "value": str(value),
- "obj": str(obj),
- }
- )
- return TemplateResponse(
- request,
- self.popup_response_template
- or [
- "admin/%s/%s/popup_response.html"
- % (opts.app_label, opts.model_name),
- "admin/%s/popup_response.html" % opts.app_label,
- "admin/popup_response.html",
- ],
- {
- "popup_response_data": popup_response_data,
- },
- )
-
- elif "_continue" in request.POST or (
- # Redirecting after "Save as new".
- "_saveasnew" in request.POST
- and self.save_as_continue
- and self.has_change_permission(request, obj)
- ):
- msg = _("The {name} “{obj}” was added successfully.")
- if self.has_change_permission(request, obj):
- msg += " " + _("You may edit it again below.")
- self.message_user(request, format_html(msg, **msg_dict), messages.SUCCESS)
- if post_url_continue is None:
- post_url_continue = obj_url
- post_url_continue = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts},
- post_url_continue,
- )
- return HttpResponseRedirect(post_url_continue)
-
- elif "_addanother" in request.POST:
- msg = format_html(
- _(
- "The {name} “{obj}” was added successfully. You may add another "
- "{name} below."
- ),
- **msg_dict,
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = request.path
- redirect_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, redirect_url
- )
- return HttpResponseRedirect(redirect_url)
-
- else:
- msg = format_html(
- _("The {name} “{obj}” was added successfully."), **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- return self.response_post_save_add(request, obj)
-
- def response_change(self, request, obj):
- """
- Determine the HttpResponse for the change_view stage.
- """
-
- if IS_POPUP_VAR in request.POST:
- opts = obj._meta
- to_field = request.POST.get(TO_FIELD_VAR)
- attr = str(to_field) if to_field else opts.pk.attname
- value = request.resolver_match.kwargs["object_id"]
- new_value = obj.serializable_value(attr)
- popup_response_data = json.dumps(
- {
- "action": "change",
- "value": str(value),
- "obj": str(obj),
- "new_value": str(new_value),
- }
- )
- return TemplateResponse(
- request,
- self.popup_response_template
- or [
- "admin/%s/%s/popup_response.html"
- % (opts.app_label, opts.model_name),
- "admin/%s/popup_response.html" % opts.app_label,
- "admin/popup_response.html",
- ],
- {
- "popup_response_data": popup_response_data,
- },
- )
-
- opts = self.model._meta
- preserved_filters = self.get_preserved_filters(request)
-
- msg_dict = {
- "name": opts.verbose_name,
- "obj": format_html('<a href="{}">{}</a>', urlquote(request.path), obj),
- }
- if "_continue" in request.POST:
- msg = format_html(
- _(
- "The {name} “{obj}” was changed successfully. You may edit it "
- "again below."
- ),
- **msg_dict,
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = request.path
- redirect_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, redirect_url
- )
- return HttpResponseRedirect(redirect_url)
-
- elif "_saveasnew" in request.POST:
- msg = format_html(
- _(
- "The {name} “{obj}” was added successfully. You may edit it again "
- "below."
- ),
- **msg_dict,
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = reverse(
- "admin:%s_%s_change" % (opts.app_label, opts.model_name),
- args=(obj.pk,),
- current_app=self.admin_site.name,
- )
- redirect_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, redirect_url
- )
- return HttpResponseRedirect(redirect_url)
-
- elif "_addanother" in request.POST:
- msg = format_html(
- _(
- "The {name} “{obj}” was changed successfully. You may add another "
- "{name} below."
- ),
- **msg_dict,
- )
- self.message_user(request, msg, messages.SUCCESS)
- redirect_url = reverse(
- "admin:%s_%s_add" % (opts.app_label, opts.model_name),
- current_app=self.admin_site.name,
- )
- redirect_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, redirect_url
- )
- return HttpResponseRedirect(redirect_url)
-
- else:
- msg = format_html(
- _("The {name} “{obj}” was changed successfully."), **msg_dict
- )
- self.message_user(request, msg, messages.SUCCESS)
- return self.response_post_save_change(request, obj)
-
- def _response_post_save(self, request, obj):
- opts = self.model._meta
- if self.has_view_or_change_permission(request):
- post_url = reverse(
- "admin:%s_%s_changelist" % (opts.app_label, opts.model_name),
- current_app=self.admin_site.name,
- )
- preserved_filters = self.get_preserved_filters(request)
- post_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, post_url
- )
- else:
- post_url = reverse("admin:index", current_app=self.admin_site.name)
- return HttpResponseRedirect(post_url)
-
- def response_post_save_add(self, request, obj):
- """
- Figure out where to redirect after the 'Save' button has been pressed
- when adding a new object.
- """
- return self._response_post_save(request, obj)
-
- def response_post_save_change(self, request, obj):
- """
- Figure out where to redirect after the 'Save' button has been pressed
- when editing an existing object.
- """
- return self._response_post_save(request, obj)
-
- def response_action(self, request, queryset):
- """
- Handle an admin action. This is called if a request is POSTed to the
- changelist; it returns an HttpResponse if the action was handled, and
- None otherwise.
- """
-
- # There can be multiple action forms on the page (at the top
- # and bottom of the change list, for example). Get the action
- # whose button was pushed.
- try:
- action_index = int(request.POST.get("index", 0))
- except ValueError:
- action_index = 0
-
- # Construct the action form.
- data = request.POST.copy()
- data.pop(helpers.ACTION_CHECKBOX_NAME, None)
- data.pop("index", None)
-
- # Use the action whose button was pushed
- try:
- data.update({"action": data.getlist("action")[action_index]})
- except IndexError:
- # If we didn't get an action from the chosen form that's invalid
- # POST data, so by deleting action it'll fail the validation check
- # below. So no need to do anything here
- pass
-
- action_form = self.action_form(data, auto_id=None)
- action_form.fields["action"].choices = self.get_action_choices(request)
-
- # If the form's valid we can handle the action.
- if action_form.is_valid():
- action = action_form.cleaned_data["action"]
- select_across = action_form.cleaned_data["select_across"]
- func = self.get_actions(request)[action][0]
-
- # Get the list of selected PKs. If nothing's selected, we can't
- # perform an action on it, so bail. Except we want to perform
- # the action explicitly on all objects.
- selected = request.POST.getlist(helpers.ACTION_CHECKBOX_NAME)
- if not selected and not select_across:
- # Reminder that something needs to be selected or nothing will happen
- msg = _(
- "Items must be selected in order to perform "
- "actions on them. No items have been changed."
- )
- self.message_user(request, msg, messages.WARNING)
- return None
-
- if not select_across:
- # Perform the action only on the selected objects
- queryset = queryset.filter(pk__in=selected)
-
- response = func(self, request, queryset)
-
- # Actions may return an HttpResponse-like object, which will be
- # used as the response from the POST. If not, we'll be a good
- # little HTTP citizen and redirect back to the changelist page.
- if isinstance(response, HttpResponseBase):
- return response
- else:
- return HttpResponseRedirect(request.get_full_path())
- else:
- msg = _("No action selected.")
- self.message_user(request, msg, messages.WARNING)
- return None
-
- def response_delete(self, request, obj_display, obj_id):
- """
- Determine the HttpResponse for the delete_view stage.
- """
- opts = self.model._meta
-
- if IS_POPUP_VAR in request.POST:
- popup_response_data = json.dumps(
- {
- "action": "delete",
- "value": str(obj_id),
- }
- )
- return TemplateResponse(
- request,
- self.popup_response_template
- or [
- "admin/%s/%s/popup_response.html"
- % (opts.app_label, opts.model_name),
- "admin/%s/popup_response.html" % opts.app_label,
- "admin/popup_response.html",
- ],
- {
- "popup_response_data": popup_response_data,
- },
- )
-
- self.message_user(
- request,
- _("The %(name)s “%(obj)s” was deleted successfully.")
- % {
- "name": opts.verbose_name,
- "obj": obj_display,
- },
- messages.SUCCESS,
- )
-
- if self.has_change_permission(request, None):
- post_url = reverse(
- "admin:%s_%s_changelist" % (opts.app_label, opts.model_name),
- current_app=self.admin_site.name,
- )
- preserved_filters = self.get_preserved_filters(request)
- post_url = add_preserved_filters(
- {"preserved_filters": preserved_filters, "opts": opts}, post_url
- )
- else:
- post_url = reverse("admin:index", current_app=self.admin_site.name)
- return HttpResponseRedirect(post_url)
-
- def render_delete_form(self, request, context):
- opts = self.model._meta
- app_label = opts.app_label
-
- request.current_app = self.admin_site.name
- context.update(
- to_field_var=TO_FIELD_VAR,
- is_popup_var=IS_POPUP_VAR,
- media=self.media,
- )
-
- return TemplateResponse(
- request,
- self.delete_confirmation_template
- or [
- "admin/{}/{}/delete_confirmation.html".format(
- app_label, opts.model_name
- ),
- "admin/{}/delete_confirmation.html".format(app_label),
- "admin/delete_confirmation.html",
- ],
- context,
- )
-
- def get_inline_formsets(self, request, formsets, inline_instances, obj=None):
- # Edit permissions on parent model are required for editable inlines.
- can_edit_parent = (
- self.has_change_permission(request, obj)
- if obj
- else self.has_add_permission(request)
- )
- inline_admin_formsets = []
- for inline, formset in zip(inline_instances, formsets):
- fieldsets = list(inline.get_fieldsets(request, obj))
- readonly = list(inline.get_readonly_fields(request, obj))
- if can_edit_parent:
- has_add_permission = inline.has_add_permission(request, obj)
- has_change_permission = inline.has_change_permission(request, obj)
- has_delete_permission = inline.has_delete_permission(request, obj)
- else:
- # Disable all edit-permissions, and overide formset settings.
- has_add_permission = (
- has_change_permission
- ) = has_delete_permission = False
- formset.extra = formset.max_num = 0
- has_view_permission = inline.has_view_permission(request, obj)
- prepopulated = dict(inline.get_prepopulated_fields(request, obj))
- inline_admin_formset = helpers.InlineAdminFormSet(
- inline,
- formset,
- fieldsets,
- prepopulated,
- readonly,
- model_admin=self,
- has_add_permission=has_add_permission,
- has_change_permission=has_change_permission,
- has_delete_permission=has_delete_permission,
- has_view_permission=has_view_permission,
- )
- inline_admin_formsets.append(inline_admin_formset)
- return inline_admin_formsets
-
- def get_changeform_initial_data(self, request):
- """
- Get the initial form data from the request's GET params.
- """
- initial = dict(request.GET.items())
- for k in initial:
- try:
- f = self.model._meta.get_field(k)
- except FieldDoesNotExist:
- continue
- # We have to special-case M2Ms as a list of comma-separated PKs.
- if isinstance(f, models.ManyToManyField):
- initial[k] = initial[k].split(",")
- return initial
-
- def _get_obj_does_not_exist_redirect(self, request, opts, object_id):
- """
- Create a message informing the user that the object doesn't exist
- and return a redirect to the admin index page.
- """
- msg = _("%(name)s with ID “%(key)s” doesn’t exist. Perhaps it was deleted?") % {
- "name": opts.verbose_name,
- "key": unquote(object_id),
- }
- self.message_user(request, msg, messages.WARNING)
- url = reverse("admin:index", current_app=self.admin_site.name)
- return HttpResponseRedirect(url)
-
- @csrf_protect_m
- def changeform_view(self, request, object_id=None, form_url="", extra_context=None):
- with transaction.atomic(using=router.db_for_write(self.model)):
- return self._changeform_view(request, object_id, form_url, extra_context)
-
- def _changeform_view(self, request, object_id, form_url, extra_context):
- to_field = request.POST.get(TO_FIELD_VAR, request.GET.get(TO_FIELD_VAR))
- if to_field and not self.to_field_allowed(request, to_field):
- raise DisallowedModelAdminToField(
- "The field %s cannot be referenced." % to_field
- )
-
- model = self.model
- opts = model._meta
-
- if request.method == "POST" and "_saveasnew" in request.POST:
- object_id = None
-
- add = object_id is None
-
- if add:
- if not self.has_add_permission(request):
- raise PermissionDenied
- obj = None
-
- else:
- obj = self.get_object(request, unquote(object_id), to_field)
-
- if request.method == "POST":
- if not self.has_change_permission(request, obj):
- raise PermissionDenied
- else:
- if not self.has_view_or_change_permission(request, obj):
- raise PermissionDenied
-
- if obj is None:
- return self._get_obj_does_not_exist_redirect(request, opts, object_id)
-
- fieldsets = self.get_fieldsets(request, obj)
- ModelForm = self.get_form(
- request, obj, change=not add, fields=flatten_fieldsets(fieldsets)
- )
- if request.method == "POST":
- form = ModelForm(request.POST, request.FILES, instance=obj)
- formsets, inline_instances = self._create_formsets(
- request,
- form.instance,
- change=not add,
- )
- form_validated = form.is_valid()
- if form_validated:
- new_object = self.save_form(request, form, change=not add)
- else:
- new_object = form.instance
- if all_valid(formsets) and form_validated:
- self.save_model(request, new_object, form, not add)
- self.save_related(request, form, formsets, not add)
- change_message = self.construct_change_message(
- request, form, formsets, add
- )
- if add:
- self.log_addition(request, new_object, change_message)
- return self.response_add(request, new_object)
- else:
- self.log_change(request, new_object, change_message)
- return self.response_change(request, new_object)
- else:
- form_validated = False
- else:
- if add:
- initial = self.get_changeform_initial_data(request)
- form = ModelForm(initial=initial)
- formsets, inline_instances = self._create_formsets(
- request, form.instance, change=False
- )
- else:
- form = ModelForm(instance=obj)
- formsets, inline_instances = self._create_formsets(
- request, obj, change=True
- )
-
- if not add and not self.has_change_permission(request, obj):
- readonly_fields = flatten_fieldsets(fieldsets)
- else:
- readonly_fields = self.get_readonly_fields(request, obj)
- adminForm = helpers.AdminForm(
- form,
- list(fieldsets),
- # Clear prepopulated fields on a view-only form to avoid a crash.
- self.get_prepopulated_fields(request, obj)
- if add or self.has_change_permission(request, obj)
- else {},
- readonly_fields,
- model_admin=self,
- )
- media = self.media + adminForm.media
-
- inline_formsets = self.get_inline_formsets(
- request, formsets, inline_instances, obj
- )
- for inline_formset in inline_formsets:
- media = media + inline_formset.media
-
- if add:
- title = _("Add %s")
- elif self.has_change_permission(request, obj):
- title = _("Change %s")
- else:
- title = _("View %s")
- context = {
- **self.admin_site.each_context(request),
- "title": title % opts.verbose_name,
- "subtitle": str(obj) if obj else None,
- "adminform": adminForm,
- "object_id": object_id,
- "original": obj,
- "is_popup": IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET,
- "to_field": to_field,
- "media": media,
- "inline_admin_formsets": inline_formsets,
- "errors": helpers.AdminErrorList(form, formsets),
- "preserved_filters": self.get_preserved_filters(request),
- }
-
- # Hide the "Save" and "Save and continue" buttons if "Save as New" was
- # previously chosen to prevent the interface from getting confusing.
- if (
- request.method == "POST"
- and not form_validated
- and "_saveasnew" in request.POST
- ):
- context["show_save"] = False
- context["show_save_and_continue"] = False
- # Use the change template instead of the add template.
- add = False
-
- context.update(extra_context or {})
-
- return self.render_change_form(
- request, context, add=add, change=not add, obj=obj, form_url=form_url
- )
-
- def add_view(self, request, form_url="", extra_context=None):
- return self.changeform_view(request, None, form_url, extra_context)
-
- def change_view(self, request, object_id, form_url="", extra_context=None):
- return self.changeform_view(request, object_id, form_url, extra_context)
-
- def _get_edited_object_pks(self, request, prefix):
- """Return POST data values of list_editable primary keys."""
- pk_pattern = re.compile(
- r"{}-\d+-{}$".format(re.escape(prefix), self.model._meta.pk.name)
- )
- return [value for key, value in request.POST.items() if pk_pattern.match(key)]
-
- def _get_list_editable_queryset(self, request, prefix):
- """
- Based on POST data, return a queryset of the objects that were edited
- via list_editable.
- """
- object_pks = self._get_edited_object_pks(request, prefix)
- queryset = self.get_queryset(request)
- validate = queryset.model._meta.pk.to_python
- try:
- for pk in object_pks:
- validate(pk)
- except ValidationError:
- # Disable the optimization if the POST data was tampered with.
- return queryset
- return queryset.filter(pk__in=object_pks)
-
- @csrf_protect_m
- def changelist_view(self, request, extra_context=None):
- """
- The 'change list' admin view for this model.
- """
- from django.contrib.admin.views.main import ERROR_FLAG
-
- opts = self.model._meta
- app_label = opts.app_label
- if not self.has_view_or_change_permission(request):
- raise PermissionDenied
-
- try:
- cl = self.get_changelist_instance(request)
- except IncorrectLookupParameters:
- # Wacky lookup parameters were given, so redirect to the main
- # changelist page, without parameters, and pass an 'invalid=1'
- # parameter via the query string. If wacky parameters were given
- # and the 'invalid=1' parameter was already in the query string,
- # something is screwed up with the database, so display an error
- # page.
- if ERROR_FLAG in request.GET:
- return SimpleTemplateResponse(
- "admin/invalid_setup.html",
- {
- "title": _("Database error"),
- },
- )
- return HttpResponseRedirect(request.path + "?" + ERROR_FLAG + "=1")
-
- # If the request was POSTed, this might be a bulk action or a bulk
- # edit. Try to look up an action or confirmation first, but if this
- # isn't an action the POST will fall through to the bulk edit check,
- # below.
- action_failed = False
- selected = request.POST.getlist(helpers.ACTION_CHECKBOX_NAME)
-
- actions = self.get_actions(request)
- # Actions with no confirmation
- if (
- actions
- and request.method == "POST"
- and "index" in request.POST
- and "_save" not in request.POST
- ):
- if selected:
- response = self.response_action(
- request, queryset=cl.get_queryset(request)
- )
- if response:
- return response
- else:
- action_failed = True
- else:
- msg = _(
- "Items must be selected in order to perform "
- "actions on them. No items have been changed."
- )
- self.message_user(request, msg, messages.WARNING)
- action_failed = True
-
- # Actions with confirmation
- if (
- actions
- and request.method == "POST"
- and helpers.ACTION_CHECKBOX_NAME in request.POST
- and "index" not in request.POST
- and "_save" not in request.POST
- ):
- if selected:
- response = self.response_action(
- request, queryset=cl.get_queryset(request)
- )
- if response:
- return response
- else:
- action_failed = True
-
- if action_failed:
- # Redirect back to the changelist page to avoid resubmitting the
- # form if the user refreshes the browser or uses the "No, take
- # me back" button on the action confirmation page.
- return HttpResponseRedirect(request.get_full_path())
-
- # If we're allowing changelist editing, we need to construct a formset
- # for the changelist given all the fields to be edited. Then we'll
- # use the formset to validate/process POSTed data.
- formset = cl.formset = None
-
- # Handle POSTed bulk-edit data.
- if request.method == "POST" and cl.list_editable and "_save" in request.POST:
- if not self.has_change_permission(request):
- raise PermissionDenied
- FormSet = self.get_changelist_formset(request)
- modified_objects = self._get_list_editable_queryset(
- request, FormSet.get_default_prefix()
- )
- formset = cl.formset = FormSet(
- request.POST, request.FILES, queryset=modified_objects
- )
- if formset.is_valid():
- changecount = 0
- for form in formset.forms:
- if form.has_changed():
- obj = self.save_form(request, form, change=True)
- self.save_model(request, obj, form, change=True)
- self.save_related(request, form, formsets=[], change=True)
- change_msg = self.construct_change_message(request, form, None)
- self.log_change(request, obj, change_msg)
- changecount += 1
-
- if changecount:
- msg = ngettext(
- "%(count)s %(name)s was changed successfully.",
- "%(count)s %(name)s were changed successfully.",
- changecount,
- ) % {
- "count": changecount,
- "name": model_ngettext(opts, changecount),
- }
- self.message_user(request, msg, messages.SUCCESS)
-
- return HttpResponseRedirect(request.get_full_path())
-
- # Handle GET -- construct a formset for display.
- elif cl.list_editable and self.has_change_permission(request):
- FormSet = self.get_changelist_formset(request)
- formset = cl.formset = FormSet(queryset=cl.result_list)
-
- # Build the list of media to be used by the formset.
- if formset:
- media = self.media + formset.media
- else:
- media = self.media
-
- # Build the action form and populate it with available actions.
- if actions:
- action_form = self.action_form(auto_id=None)
- action_form.fields["action"].choices = self.get_action_choices(request)
- media += action_form.media
- else:
- action_form = None
-
- selection_note_all = ngettext(
- "%(total_count)s selected", "All %(total_count)s selected", cl.result_count
- )
-
- context = {
- **self.admin_site.each_context(request),
- "module_name": str(opts.verbose_name_plural),
- "selection_note": _("0 of %(cnt)s selected") % {"cnt": len(cl.result_list)},
- "selection_note_all": selection_note_all % {"total_count": cl.result_count},
- "title": cl.title,
- "subtitle": None,
- "is_popup": cl.is_popup,
- "to_field": cl.to_field,
- "cl": cl,
- "media": media,
- "has_add_permission": self.has_add_permission(request),
- "opts": cl.opts,
- "action_form": action_form,
- "actions_on_top": self.actions_on_top,
- "actions_on_bottom": self.actions_on_bottom,
- "actions_selection_counter": self.actions_selection_counter,
- "preserved_filters": self.get_preserved_filters(request),
- **(extra_context or {}),
- }
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(
- request,
- self.change_list_template
- or [
- "admin/%s/%s/change_list.html" % (app_label, opts.model_name),
- "admin/%s/change_list.html" % app_label,
- "admin/change_list.html",
- ],
- context,
- )
-
- def get_deleted_objects(self, objs, request):
- """
- Hook for customizing the delete process for the delete view and the
- "delete selected" action.
- """
- return get_deleted_objects(objs, request, self.admin_site)
-
- @csrf_protect_m
- def delete_view(self, request, object_id, extra_context=None):
- with transaction.atomic(using=router.db_for_write(self.model)):
- return self._delete_view(request, object_id, extra_context)
-
- def _delete_view(self, request, object_id, extra_context):
- "The 'delete' admin view for this model."
- opts = self.model._meta
- app_label = opts.app_label
-
- to_field = request.POST.get(TO_FIELD_VAR, request.GET.get(TO_FIELD_VAR))
- if to_field and not self.to_field_allowed(request, to_field):
- raise DisallowedModelAdminToField(
- "The field %s cannot be referenced." % to_field
- )
-
- obj = self.get_object(request, unquote(object_id), to_field)
-
- if not self.has_delete_permission(request, obj):
- raise PermissionDenied
-
- if obj is None:
- return self._get_obj_does_not_exist_redirect(request, opts, object_id)
-
- # Populate deleted_objects, a data structure of all related objects that
- # will also be deleted.
- (
- deleted_objects,
- model_count,
- perms_needed,
- protected,
- ) = self.get_deleted_objects([obj], request)
-
- if request.POST and not protected: # The user has confirmed the deletion.
- if perms_needed:
- raise PermissionDenied
- obj_display = str(obj)
- attr = str(to_field) if to_field else opts.pk.attname
- obj_id = obj.serializable_value(attr)
- self.log_deletion(request, obj, obj_display)
- self.delete_model(request, obj)
-
- return self.response_delete(request, obj_display, obj_id)
-
- object_name = str(opts.verbose_name)
-
- if perms_needed or protected:
- title = _("Cannot delete %(name)s") % {"name": object_name}
- else:
- title = _("Are you sure?")
-
- context = {
- **self.admin_site.each_context(request),
- "title": title,
- "subtitle": None,
- "object_name": object_name,
- "object": obj,
- "deleted_objects": deleted_objects,
- "model_count": dict(model_count).items(),
- "perms_lacking": perms_needed,
- "protected": protected,
- "opts": opts,
- "app_label": app_label,
- "preserved_filters": self.get_preserved_filters(request),
- "is_popup": IS_POPUP_VAR in request.POST or IS_POPUP_VAR in request.GET,
- "to_field": to_field,
- **(extra_context or {}),
- }
-
- return self.render_delete_form(request, context)
-
- def history_view(self, request, object_id, extra_context=None):
- "The 'history' admin view for this model."
- from django.contrib.admin.models import LogEntry
- from django.contrib.admin.views.main import PAGE_VAR
-
- # First check if the user can see this history.
- model = self.model
- obj = self.get_object(request, unquote(object_id))
- if obj is None:
- return self._get_obj_does_not_exist_redirect(
- request, model._meta, object_id
- )
-
- if not self.has_view_or_change_permission(request, obj):
- raise PermissionDenied
-
- # Then get the history for this object.
- opts = model._meta
- app_label = opts.app_label
- action_list = (
- LogEntry.objects.filter(
- object_id=unquote(object_id),
- content_type=get_content_type_for_model(model),
- )
- .select_related()
- .order_by("action_time")
- )
-
- paginator = self.get_paginator(request, action_list, 100)
- page_number = request.GET.get(PAGE_VAR, 1)
- page_obj = paginator.get_page(page_number)
- page_range = paginator.get_elided_page_range(page_obj.number)
-
- context = {
- **self.admin_site.each_context(request),
- "title": _("Change history: %s") % obj,
- "subtitle": None,
- "action_list": page_obj,
- "page_range": page_range,
- "page_var": PAGE_VAR,
- "pagination_required": paginator.count > 100,
- "module_name": str(capfirst(opts.verbose_name_plural)),
- "object": obj,
- "opts": opts,
- "preserved_filters": self.get_preserved_filters(request),
- **(extra_context or {}),
- }
-
- request.current_app = self.admin_site.name
-
- return TemplateResponse(
- request,
- self.object_history_template
- or [
- "admin/%s/%s/object_history.html" % (app_label, opts.model_name),
- "admin/%s/object_history.html" % app_label,
- "admin/object_history.html",
- ],
- context,
- )
-
- def get_formset_kwargs(self, request, obj, inline, prefix):
- formset_params = {
- "instance": obj,
- "prefix": prefix,
- "queryset": inline.get_queryset(request),
- }
- if request.method == "POST":
- formset_params.update(
- {
- "data": request.POST.copy(),
- "files": request.FILES,
- "save_as_new": "_saveasnew" in request.POST,
- }
- )
- return formset_params
-
- def _create_formsets(self, request, obj, change):
- "Helper function to generate formsets for add/change_view."
- formsets = []
- inline_instances = []
- prefixes = {}
- get_formsets_args = [request]
- if change:
- get_formsets_args.append(obj)
- for FormSet, inline in self.get_formsets_with_inlines(*get_formsets_args):
- prefix = FormSet.get_default_prefix()
- prefixes[prefix] = prefixes.get(prefix, 0) + 1
- if prefixes[prefix] != 1 or not prefix:
- prefix = "%s-%s" % (prefix, prefixes[prefix])
- formset_params = self.get_formset_kwargs(request, obj, inline, prefix)
- formset = FormSet(**formset_params)
-
- def user_deleted_form(request, obj, formset, index):
- """Return whether or not the user deleted the form."""
- return (
- inline.has_delete_permission(request, obj)
- and "{}-{}-DELETE".format(formset.prefix, index) in request.POST
- )
-
- # Bypass validation of each view-only inline form (since the form's
- # data won't be in request.POST), unless the form was deleted.
- if not inline.has_change_permission(request, obj if change else None):
- for index, form in enumerate(formset.initial_forms):
- if user_deleted_form(request, obj, formset, index):
- continue
- form._errors = {}
- form.cleaned_data = form.initial
- formsets.append(formset)
- inline_instances.append(inline)
- return formsets, inline_instances
-
-
- class InlineModelAdmin(BaseModelAdmin):
- """
- Options for inline editing of ``model`` instances.
-
- Provide ``fk_name`` to specify the attribute name of the ``ForeignKey``
- from ``model`` to its parent. This is required if ``model`` has more than
- one ``ForeignKey`` to its parent.
- """
-
- model = None
- fk_name = None
- formset = BaseInlineFormSet
- extra = 3
- min_num = None
- max_num = None
- template = None
- verbose_name = None
- verbose_name_plural = None
- can_delete = True
- show_change_link = False
- checks_class = InlineModelAdminChecks
- classes = None
-
- def __init__(self, parent_model, admin_site):
- self.admin_site = admin_site
- self.parent_model = parent_model
- self.opts = self.model._meta
- self.has_registered_model = admin_site.is_registered(self.model)
- super().__init__()
- if self.verbose_name_plural is None:
- if self.verbose_name is None:
- self.verbose_name_plural = self.model._meta.verbose_name_plural
- else:
- self.verbose_name_plural = format_lazy("{}s", self.verbose_name)
- if self.verbose_name is None:
- self.verbose_name = self.model._meta.verbose_name
-
- @property
- def media(self):
- extra = "" if settings.DEBUG else ".min"
- js = ["vendor/jquery/jquery%s.js" % extra, "jquery.init.js", "inlines.js"]
- if self.filter_vertical or self.filter_horizontal:
- js.extend(["SelectBox.js", "SelectFilter2.js"])
- if self.classes and "collapse" in self.classes:
- js.append("collapse.js")
- return forms.Media(js=["admin/js/%s" % url for url in js])
-
- def get_extra(self, request, obj=None, **kwargs):
- """Hook for customizing the number of extra inline forms."""
- return self.extra
-
- def get_min_num(self, request, obj=None, **kwargs):
- """Hook for customizing the min number of inline forms."""
- return self.min_num
-
- def get_max_num(self, request, obj=None, **kwargs):
- """Hook for customizing the max number of extra inline forms."""
- return self.max_num
-
- def get_formset(self, request, obj=None, **kwargs):
- """Return a BaseInlineFormSet class for use in admin add/change views."""
- if "fields" in kwargs:
- fields = kwargs.pop("fields")
- else:
- fields = flatten_fieldsets(self.get_fieldsets(request, obj))
- excluded = self.get_exclude(request, obj)
- exclude = [] if excluded is None else list(excluded)
- exclude.extend(self.get_readonly_fields(request, obj))
- if excluded is None and hasattr(self.form, "_meta") and self.form._meta.exclude:
- # Take the custom ModelForm's Meta.exclude into account only if the
- # InlineModelAdmin doesn't define its own.
- exclude.extend(self.form._meta.exclude)
- # If exclude is an empty list we use None, since that's the actual
- # default.
- exclude = exclude or None
- can_delete = self.can_delete and self.has_delete_permission(request, obj)
- defaults = {
- "form": self.form,
- "formset": self.formset,
- "fk_name": self.fk_name,
- "fields": fields,
- "exclude": exclude,
- "formfield_callback": partial(self.formfield_for_dbfield, request=request),
- "extra": self.get_extra(request, obj, **kwargs),
- "min_num": self.get_min_num(request, obj, **kwargs),
- "max_num": self.get_max_num(request, obj, **kwargs),
- "can_delete": can_delete,
- **kwargs,
- }
-
- base_model_form = defaults["form"]
- can_change = self.has_change_permission(request, obj) if request else True
- can_add = self.has_add_permission(request, obj) if request else True
-
- class DeleteProtectedModelForm(base_model_form):
- def hand_clean_DELETE(self):
- """
- We don't validate the 'DELETE' field itself because on
- templates it's not rendered using the field information, but
- just using a generic "deletion_field" of the InlineModelAdmin.
- """
- if self.cleaned_data.get(DELETION_FIELD_NAME, False):
- using = router.db_for_write(self._meta.model)
- collector = NestedObjects(using=using)
- if self.instance._state.adding:
- return
- collector.collect([self.instance])
- if collector.protected:
- objs = []
- for p in collector.protected:
- objs.append(
- # Translators: Model verbose name and instance
- # representation, suitable to be an item in a
- # list.
- _("%(class_name)s %(instance)s")
- % {"class_name": p._meta.verbose_name, "instance": p}
- )
- params = {
- "class_name": self._meta.model._meta.verbose_name,
- "instance": self.instance,
- "related_objects": get_text_list(objs, _("and")),
- }
- msg = _(
- "Deleting %(class_name)s %(instance)s would require "
- "deleting the following protected related objects: "
- "%(related_objects)s"
- )
- raise ValidationError(
- msg, code="deleting_protected", params=params
- )
-
- def is_valid(self):
- result = super().is_valid()
- self.hand_clean_DELETE()
- return result
-
- def has_changed(self):
- # Protect against unauthorized edits.
- if not can_change and not self.instance._state.adding:
- return False
- if not can_add and self.instance._state.adding:
- return False
- return super().has_changed()
-
- defaults["form"] = DeleteProtectedModelForm
-
- if defaults["fields"] is None and not modelform_defines_fields(
- defaults["form"]
- ):
- defaults["fields"] = forms.ALL_FIELDS
-
- return inlineformset_factory(self.parent_model, self.model, **defaults)
-
- def _get_form_for_get_fields(self, request, obj=None):
- return self.get_formset(request, obj, fields=None).form
-
- def get_queryset(self, request):
- queryset = super().get_queryset(request)
- if not self.has_view_or_change_permission(request):
- queryset = queryset.none()
- return queryset
-
- def _has_any_perms_for_target_model(self, request, perms):
- """
- This method is called only when the ModelAdmin's model is for an
- ManyToManyField's implicit through model (if self.opts.auto_created).
- Return True if the user has any of the given permissions ('add',
- 'change', etc.) for the model that points to the through model.
- """
- opts = self.opts
- # Find the target model of an auto-created many-to-many relationship.
- for field in opts.fields:
- if field.remote_field and field.remote_field.model != self.parent_model:
- opts = field.remote_field.model._meta
- break
- return any(
- request.user.has_perm(
- "%s.%s" % (opts.app_label, get_permission_codename(perm, opts))
- )
- for perm in perms
- )
-
- def has_add_permission(self, request, obj):
- if self.opts.auto_created:
- # Auto-created intermediate models don't have their own
- # permissions. The user needs to have the change permission for the
- # related model in order to be able to do anything with the
- # intermediate model.
- return self._has_any_perms_for_target_model(request, ["change"])
- return super().has_add_permission(request)
-
- def has_change_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission().
- return self._has_any_perms_for_target_model(request, ["change"])
- return super().has_change_permission(request)
-
- def has_delete_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission().
- return self._has_any_perms_for_target_model(request, ["change"])
- return super().has_delete_permission(request, obj)
-
- def has_view_permission(self, request, obj=None):
- if self.opts.auto_created:
- # Same comment as has_add_permission(). The 'change' permission
- # also implies the 'view' permission.
- return self._has_any_perms_for_target_model(request, ["view", "change"])
- return super().has_view_permission(request)
-
-
- class StackedInline(InlineModelAdmin):
- template = "admin/edit_inline/stacked.html"
-
-
- class TabularInline(InlineModelAdmin):
- template = "admin/edit_inline/tabular.html"
|