Prevent editing of attributes which are not Python literals through the admin interface.

2026-04-01 21:47:17 +02:00 · 2014-06-29 09:14:01 -05:00 · 2014-06-29 09:14:01 -05:00 · 54bb593f5e
commit 54bb593f5e
parent 112e7c652d
2 changed files with 11 additions and 1 deletions
--- a/src/typeclasses/admin.py
+++ b/src/typeclasses/admin.py
@ -54,6 +54,15 @@ class AttributeAdmin(ModelAdmin):
    """
    search_fields = ('db_key', 'db_strvalue', 'db_value')
    list_display = ('db_key', 'db_strvalue', 'db_value')
+    permitted_types = ('str', 'int', 'float', 'NoneType', 'bool')
+
+    fields = ('db_key', 'db_value', 'db_strvalue', 'db_category',
+              'db_lock_storage', 'db_model', 'db_attrtype')
+
+    def get_readonly_fields(self, request, obj=None):
+        if obj.db_value.__class__.__name__ not in self.permitted_types:
+            return ['db_value']
+        return []

 admin.site.register(Attribute, AttributeAdmin)
 admin.site.register(Tag, TagAdmin)
--- a/src/typeclasses/models.py
+++ b/src/typeclasses/models.py
@ -104,7 +104,8 @@ class Attribute(SharedMemoryModel):
        'value', null=True,
        help_text="The data returned when the attribute is accessed. Must be "
                  "written as a Python literal if editing through the admin "
-                  "interface.")
+                  "interface. Attribute values which are not Python literals "
+                  "cannot be edited through the admin interface.")
    db_strvalue = models.TextField(
        'strvalue', null=True, blank=True,
        help_text="String-specific storage for quick look-up")