annotate() will gladly delete your data
|Reported by:||Patryk Zawadzki||Owned by:||Carl Meyer|
|Component:||Database layer (models, ORM)||Version:||1.2|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Consider the following example:
class Foo(models.Model): name = models.CharField(max_length=100) class Bar(models.Model): name = models.CharField(max_length=100) foos = models.ManyToManyField(Foo, related_name='bars')
Create your database, fill it with important data, then do the following:
bars = Bar.objects.all().annotate(foos=Sum('foos'))
Now all your data connections are gone. Yay.
What happens is that
annotate gladly accepts "foos" even if that attribute name is already taken. It then retrieves all the objects from the result set and proceeds to destroy your data by assigning aggregated values to your precious related manager. The manager then happily swallows the integer it receives and goes to delete all the relations.
annotateraise an exception when passed an already existing attribute
- Make the many-to-many manager think for a while before it accepts 5 or any other integer as the new relation set