id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15044	recent security fix for admin filters breaks filters, related to inheriting	Thomas Capricelli	nobody	"Since r15031, filters are broken in several of my Django apps. Closing of ticket #14999 fixed most issues, but there's one remaining. I'm trying to explain here.

I have this kind of models
class A(models.Model): field1 = models.IntegerField()
class B(A): field2 = models.ForeignKey(Whatever)

Then in the admin.py, i have declared for BAdmin: list_filter = ('field1', 'field2', )

Until r15031, i could filter using field1 and field2 in the admin interface. Now i can only filter using field1. If i try with field2 i get a raise SuspiciousOperation(""Filtering by %s not allowed"" % key) from django/contrib/admin/views/main.py

I've tried to understand the problem and here's why i've found. I'm really not familiar with Django code, so it may be completely unrelated:

in django/contrib/admin/options.py:BaseModelAdmin():lookup_allowed(), around line 200, there's
        if len(parts) > 1 and parts[-1] == self.model._meta.pk.name:

In my case, the lookup variable is ""field2__id__exact"" and at this point of the code, the variable parts is ['field2', 'id']. Though the self.model._meta.pk.name value is not 'id' but 'A_ptr'. That is, the name of the field pointing to the inherited class.
"		closed	contrib.admin	1.2		duplicate	filters, admin, blocker, regression		Accepted	0	0	0	0	0	0