id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30702	Form leaks all objects of model	Kevin Olbrich	nobody	"Hi!

During development I had to filter the possible values in my form based on the logged-in user:

{{{
class DomainRegisterForm(UserKwargModelFormMixin, forms.Form):
    domain = forms.CharField(label='Domain', max_length=100)
    customer = forms.ModelChoiceField(queryset=MdatCustomers.objects.none())

    def __init__(self, *args, **kwargs):
        super(DomainRegisterForm, self).__init__(*args, **kwargs)
        self.fields['customer'].queryset = MdatCustomers.objects.filter(mdatmultitenancyusers__user=self.user)
}}}

UserKwargModelFormMixin is from django-braces and simply pulls the user from the request:

{{{
class UserKwargModelFormMixin(object):
    """"""
    Generic model form mixin for popping user out of the kwargs and
    attaching it to the instance.

    This mixin must precede forms.ModelForm/forms.Form. The form is not
    expecting these kwargs to be passed in, so they must be popped off before
    anything else is done.
    """"""
    def __init__(self, *args, **kwargs):
        self.user = kwargs.pop(""user"", None)  # Pop the user off the
                                              # passed in kwargs.
        super(UserKwargModelFormMixin, self).__init__(*args, **kwargs)

}}}

The values are shown correctly on first load of the form. I can choose the value and send it.

I've met two issues with this:
1) After submitting the form, I get an ""invalid_choice"" error. The value I'd chosen is then filtered from the queryset even if it was valid.
2) The queryset is not filtered anymore; it shows ALL values (like: MdatCustomers.objects.all() ).

As I use this to give a user access to multiple companies, I absolutely don't want them to browse all ;-)

I did some research in the code but was unable to spot where this happens.

Kind regards
Kevin"	Bug	closed	Forms	2.2	Normal	invalid	form, forms, queryset		Unreviewed	0	0	0	0	0	0
