Opened 10 months ago

Closed 10 months ago

Last modified 10 months ago

#35087 closed Bug (fixed)

DisallowedModelAdminLookup raised when filtering on a ForeignKey not listed in list_filters

Reported by: Maxime Lorant Owned by: Sarah Boyce
Component: contrib.admin Version: 5.0
Severity: Release blocker Keywords: admin filters foreignkey
Cc: Sarah Boyce Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Maxime Lorant)

Since Django 5.0.1, the exception DisallowedModelAdminLookup is raised when I'm trying to filter a list in the Django admin with a foreign key attribute not listed in list_filters. It looks like a regression from #35020, but I'm not exactly sure at 100 %. The exception is not raised when I'm filtering against a foreign key attribute listed in list_filters neither for a standard CharField not listed. Using the following simple example, on a fresh new Django project:

# models.py
class Client(models.Model):
    name = models.CharField("name", max_length=100)

class Invoice(models.Model):
    client = models.ForeignKey(Client, models.CASCADE, null=False)
    number = models.CharField("number", max_length=100)

# admin.py
@admin.register(models.Invoice)
class InvoiceAdmin(admin.ModelAdmin):
    pass   # note that no list_filters is defined 

The URL /admin/core/invoice/?client=1 in local:

  • returns a 200, with proper results in Django 4.2.9
  • returns a 200, with proper results in Django 5.0.0
  • returns a 500, from the exception below in Django 5.0.1

The exception raised in Django 5.0.1:

  File "<VENV>/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  [...]
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 1981, in changelist_view
    cl = self.get_changelist_instance(request)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 862, in get_changelist_instance
    return ChangeList(
           ^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 144, in __init__
    self.queryset = self.get_queryset(request)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 539, in get_queryset
    ) = self.get_filters(request)
        ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 193, in get_filters
    raise DisallowedModelAdminLookup(f"Filtering by {key} not allowed")
django.contrib.admin.exceptions.DisallowedModelAdminLookup: Filtering by client not allowed

The URL /admin/core/invoice/?number=ABC works in the three versions with the same behaviour each time (make an exact match on the charfield)

Change History (6)

comment:1 by Maxime Lorant, 10 months ago

Description: modified (diff)

comment:2 by Mariusz Felisiak, 10 months ago

Cc: Sarah Boyce added
Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted

Thanks for the report!

Regression in f80669d2f5a5f1db9e9b73ca893fefba34f955e7.

comment:3 by Sarah Boyce, 10 months ago

Has patch: set
Owner: changed from nobody to Sarah Boyce
Status: newassigned

comment:4 by Mariusz Felisiak, 10 months ago

Triage Stage: AcceptedReady for checkin

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 10 months ago

Resolution: fixed
Status: assignedclosed

In a9094ec1:

Fixed #35087 -- Reallowed filtering against foreign keys not listed in ModelAdmin.list_filters.

Regression in f80669d2f5a5f1db9e9b73ca893fefba34f955e7.

comment:6 by Mariusz Felisiak <felisiak.mariusz@…>, 10 months ago

In 4cba6748:

[5.0.x] Fixed #35087 -- Reallowed filtering against foreign keys not listed in ModelAdmin.list_filters.

Regression in f80669d2f5a5f1db9e9b73ca893fefba34f955e7.

Backport of a9094ec1f43dca7f2a649327afcd5e6226b4959c from main

Note: See TracTickets for help on using tickets.
Back to Top