From 54bb593f5e973d1841bd36cd726dcd500b558756 Mon Sep 17 00:00:00 2001 From: Kelketek Rritaa Date: Sun, 29 Jun 2014 09:14:01 -0500 Subject: [PATCH] Prevent editing of attributes which are not Python literals through the admin interface. --- src/typeclasses/admin.py | 9 +++++++++ src/typeclasses/models.py | 3 ++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/typeclasses/admin.py b/src/typeclasses/admin.py index 6ec88623e5..525d702f1c 100644 --- a/src/typeclasses/admin.py +++ b/src/typeclasses/admin.py @@ -54,6 +54,15 @@ class AttributeAdmin(ModelAdmin): """ search_fields = ('db_key', 'db_strvalue', 'db_value') list_display = ('db_key', 'db_strvalue', 'db_value') + permitted_types = ('str', 'int', 'float', 'NoneType', 'bool') + + fields = ('db_key', 'db_value', 'db_strvalue', 'db_category', + 'db_lock_storage', 'db_model', 'db_attrtype') + + def get_readonly_fields(self, request, obj=None): + if obj.db_value.__class__.__name__ not in self.permitted_types: + return ['db_value'] + return [] admin.site.register(Attribute, AttributeAdmin) admin.site.register(Tag, TagAdmin) \ No newline at end of file diff --git a/src/typeclasses/models.py b/src/typeclasses/models.py index 774ef451bb..2d96558fae 100644 --- a/src/typeclasses/models.py +++ b/src/typeclasses/models.py @@ -104,7 +104,8 @@ class Attribute(SharedMemoryModel): 'value', null=True, help_text="The data returned when the attribute is accessed. Must be " "written as a Python literal if editing through the admin " - "interface.") + "interface. Attribute values which are not Python literals " + "cannot be edited through the admin interface.") db_strvalue = models.TextField( 'strvalue', null=True, blank=True, help_text="String-specific storage for quick look-up")