1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
|
"""
Testing the register and autoloading.
Should not be used by other tests.
"""
from django.contrib.auth.models import User
from django.utils.html import escape
import ajax_select
from tests.models import Author, Person, PersonWithTitle
@ajax_select.register('person')
class PersonLookup(ajax_select.LookupChannel):
model = Person
def get_query(self, q, request):
return self.model.objects.filter(name__icontains=q)
def get_result(self, obj):
return obj.name
def format_match(self, obj):
return "%s<div><i>%s</i></div>" % (escape(obj.name), escape(obj.email))
def format_item_display(self, obj):
return "%s<div><i>%s</i></div>" % (escape(obj.name), escape(obj.email))
@ajax_select.register('person-with-title')
class PersonWithTitleLookup(ajax_select.LookupChannel):
model = PersonWithTitle
def get_query(self, q, request):
return self.model.objects.filter(title__icontains=q)
def get_result(self, obj):
return "{} {}".format(obj.name, obj.title)
@ajax_select.register('user')
class UserLookup(ajax_select.LookupChannel):
"""
Test if you can unset a lookup provided by a third-party application.
In this case it exposes User without any auth checking
and somebody could manually check the ajax URL and find out
if a user email exists.
So you might want to turn this channel off
by settings.AJAX_LOOKUP_CHANNELS['user'] = None
"""
model = User
def get_query(self, q, request):
return self.model.objects.filter(email=q)
@ajax_select.register('name')
class NameLookup(ajax_select.LookupChannel):
def get_query(self, q, request):
return ['Joseph Simmons', 'Darryl McDaniels', 'Jam Master Jay']
@ajax_select.register('author')
class AuthorLookup(ajax_select.LookupChannel):
model = Author
|