id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
4189	Fix for COMMENTS_BANNED_USERS_GROUP exploding the ORM when using the templatetag.	Brett Hoerner <bretthoerner@…>	Adrian Holovaty	"Using Django comments with COMMENTS_BANNED_USERS_GROUP drops you into the following branch:

{{{
if not self.free and settings.COMMENTS_BANNED_USERS_GROUP:
    kwargs['select'] = {'is_hidden': 'user_id IN (SELECT user_id FROM auth_user_groups WHERE group_id = %s)' % settings.COMMENTS_BANNED_USERS_GROUP}
comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related()
}}}

Which in turn shoves the kwarg 'select' into a filter function, thus making the ORM puke violently.  A patch is attached:

{{{
comment_list = get_list_function(**kwargs).order_by(self.ordering + 'submit_date').select_related()
if not self.free and settings.COMMENTS_BANNED_USERS_GROUP:
    comment_list = comment_list.extra(select={'is_hidden': 'user_id IN (SELECT user_id FROM auth_user_groups WHERE group_id = %s)' % settings.COMMENTS_BANNED_USERS_GROUP})
}}}

Also, the Comment/FreeComment models' get_absolute_url() methods can cause a site to fail loudly if an object is erased and latest comments are still referred to.  An example is a ""latest comments"" rail showing comments on different objects.  If one of the objects is removed the following code will cause a rendering error, instead of failing silently. (get_content_object returns None and then get_absolute_url explodes)

{{{
def get_absolute_url(self):
    return self.get_content_object().get_absolute_url() + ""#c"" + str(self.id)
}}}

This is a problem because non-developers (template creators and/or admin users) can bring a site to a halt using comments (I believe Django prefers templates to fail silently instead of loudly when they can), I recommend a safe/harmless change such as this:

{{{
def get_absolute_url(self):
    try:
        return self.get_content_object().get_absolute_url() + ""#c"" + str(self.id)
    except AttributeError:
        return """"
}}}"		closed	contrib.comments	0.96		fixed	comments, COMMENTS_BANNED_USERS_GROUP		Ready for checkin	1	0	0	0	0	0