From 28c03ac6c828d6946cd9346d8d676c9e6abc3f73 Mon Sep 17 00:00:00 2001 From: Santiago Lamora Date: Mon, 24 May 2021 12:36:49 +0200 Subject: [PATCH] Handle HTML safe rendering on accounts, bills & payments Drop `allow_tags` attribute which has been removed on Django 2.0 --- orchestra/contrib/accounts/admin.py | 3 +-- orchestra/contrib/bills/admin.py | 11 +++-------- orchestra/contrib/payments/admin.py | 9 +++++---- 3 files changed, 9 insertions(+), 14 deletions(-) diff --git a/orchestra/contrib/accounts/admin.py b/orchestra/contrib/accounts/admin.py index 2b9a4773..e44c656b 100644 --- a/orchestra/contrib/accounts/admin.py +++ b/orchestra/contrib/accounts/admin.py @@ -158,6 +158,7 @@ class AccountListAdmin(AccountAdmin): actions = None change_list_template = 'admin/accounts/account/select_account_list.html' + @mark_safe def select_account(self, instance): # TODO get query string from request.META['QUERY_STRING'] to preserve filters context = { @@ -167,7 +168,6 @@ class AccountListAdmin(AccountAdmin): } return _('%(plus)s Add to %(name)s') % context select_account.short_description = _("account") - select_account.allow_tags = True select_account.admin_order_field = 'username' def changelist_view(self, request, extra_context=None): @@ -222,7 +222,6 @@ class AccountAdminMixin(object): account = instance.account if instance.pk else self.account return admin_link()(account) account_link.short_description = _("account") - account_link.allow_tags = True account_link.admin_order_field = 'account__username' def get_form(self, request, obj=None, **kwargs): diff --git a/orchestra/contrib/bills/admin.py b/orchestra/contrib/bills/admin.py index 3d7b9534..8d23ca04 100644 --- a/orchestra/contrib/bills/admin.py +++ b/orchestra/contrib/bills/admin.py @@ -105,27 +105,26 @@ class ClosedBillLineInline(BillLineInline): readonly_fields = fields can_delete = False + @mark_safe def display_description(self, line): descriptions = [line.description] for subline in line.sublines.all(): - descriptions.append(' '*4+subline.description) + descriptions.append(' ' * 4 + subline.description) return '
'.join(descriptions) display_description.short_description = _("Description") - display_description.allow_tags = True + @mark_safe def display_subtotal(self, line): subtotals = [' ' + str(line.subtotal)] for subline in line.sublines.all(): subtotals.append(str(subline.total)) return '
'.join(subtotals) display_subtotal.short_description = _("Subtotal") - display_subtotal.allow_tags = True def display_total(self, line): if line.pk: return line.compute_total() display_total.short_description = _("Total") - display_total.allow_tags = True def has_add_permission(self, request): return False @@ -253,7 +252,6 @@ class BillAdminMixin(AccountAdminMixin): subtotals.append(_("Taxes %s%% VAT %s &%s;") % (tax, subtotal[1], currency)) subtotals = '\n'.join(subtotals) return '%s &%s;' % (subtotals, bill.compute_total(), currency) - display_total_with_subtotals.allow_tags = True display_total_with_subtotals.short_description = _("total") display_total_with_subtotals.admin_order_field = 'approx_total' @@ -279,7 +277,6 @@ class BillAdminMixin(AccountAdminMixin): color = PAYMENT_STATE_COLORS.get(bill.payment_state, 'grey') return '{name}'.format( url=url, color=color, name=state, title=title) - display_payment_state.allow_tags = True display_payment_state.short_description = _("Payment") def get_queryset(self, request): @@ -380,7 +377,6 @@ class BillAdmin(BillAdminMixin, ExtendedModelAdmin): def display_total(self, bill): currency = settings.BILLS_CURRENCY.lower() return format_html('{} &{};', bill.compute_total(), currency) - display_total.allow_tags = True display_total.short_description = _("total") display_total.admin_order_field = 'approx_total' @@ -388,7 +384,6 @@ class BillAdmin(BillAdminMixin, ExtendedModelAdmin): bill_type = bill.type.lower() url = reverse('admin:bills_%s_changelist' % bill_type) return format_html('{}', url, bill.get_type_display()) - type_link.allow_tags = True type_link.short_description = _("type") type_link.admin_order_field = 'type' diff --git a/orchestra/contrib/payments/admin.py b/orchestra/contrib/payments/admin.py index f753231b..45b67a48 100644 --- a/orchestra/contrib/payments/admin.py +++ b/orchestra/contrib/payments/admin.py @@ -1,6 +1,8 @@ from django.contrib import admin from django.urls import reverse from django.http import HttpResponseRedirect +from django.utils.html import format_html +from django.utils.safestring import mark_safe from django.utils.translation import ugettext_lazy as _ from orchestra.admin import ChangeViewActionsMixin, ExtendedModelAdmin @@ -154,6 +156,7 @@ class TransactionAdmin(SelectAccountAdminMixin, ExtendedModelAdmin): return [] return [action for action in actions if action.__name__ not in exclude] + @mark_safe def display_state(self, obj): state = admin_colored('state', colors=STATE_COLORS)(obj) help_text = obj.get_state_help() @@ -161,7 +164,6 @@ class TransactionAdmin(SelectAccountAdminMixin, ExtendedModelAdmin): return state display_state.admin_order_field = 'state' display_state.short_description = _("State") - display_state.allow_tags = True class TransactionProcessAdmin(ChangeViewActionsMixin, admin.ModelAdmin): @@ -184,10 +186,10 @@ class TransactionProcessAdmin(ChangeViewActionsMixin, admin.ModelAdmin): def file_url(self, process): if process.file: - return '%s' % (process.file.url, process.file.name) - file_url.allow_tags = True + return format_html('{}', process.file.url, process.file.name) file_url.admin_order_field = 'file' + @mark_safe def display_transactions(self, process): ids = [] lines = [] @@ -207,7 +209,6 @@ class TransactionProcessAdmin(ChangeViewActionsMixin, admin.ModelAdmin): url += '?process_id=%i' % process.id return '%s' % (url, transactions) display_transactions.short_description = _("Transactions") - display_transactions.allow_tags = True def has_add_permission(self, *args, **kwargs): return False