Changeset 15031 breaks filtering to objects which are subclassed.
|Reported by:||rene||Owned by:||nobody|
|Severity:||Keywords:||filtering subclassed object not allowed regression blocker|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In changeset 15031 a security check is implemented which checks if the parameters in the URL query are indeed field names specified in the 'list_filter' attribute of the AdminModel.
This breaks the filtering of a inherintanced model object. See attached two files for a sample code.
I have a 'Employee' class in models.py which is a subclass of 'django.contrib.auth.models.User'.
I have a WorkHour class in models.py which has a foreign key to 'Employee'.
In admin.py I have WorkHourAdmin which defines a list_filter attribute which includes the field 'employee'. This field is the foreign key to Employee.
The employee filter on 'WorkHour' admin object will generate a lookup key like this: 'employee user_ptr exact'
In changeset 15031 this does not the pass the check in 'django/contrib/admin/options.py' line 243
The field 'employee user ptr' is not defined in the 'list_filter' attribute on class WorkHourAdmin. But according to me this is a valid filtering.
Change History (23)
comment:1 Changed 4 years ago by rene
- Component changed from Uncategorized to django.contrib.admin
- Keywords filtering subclassed object not allowed added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:2 Changed 4 years ago by rene
- Summary changed from Changeset 15031 breaks filtering to objects which are are subclassed. to Changeset 15031 breaks filtering to objects which are subclassed.
comment:3 Changed 4 years ago by russellm
- Keywords regression blocker added
- milestone set to 1.3
- Triage Stage changed from Unreviewed to Accepted
comment:4 Changed 4 years ago by ramiro
- Resolution set to worksforme
- Status changed from new to closed
comment:7 Changed 4 years ago by rene
- Resolution worksforme deleted
- Status changed from closed to reopened
comment:12 Changed 4 years ago by ramiro
- Resolution set to fixed
- Status changed from reopened to closed