Since Django 5.0.1, the exception DisallowedModelAdminLookup
is raised when I'm trying to filter a list in the Django admin with a foreign key attribute not listed in list_filters
. It looks like a regression from #35020, but I'm not exactly sure at 100 %. The exception is not raised when I'm filtering against a foreign key attribute listed in list_filters
neither for a standard CharField not listed. Using the following simple example, on a fresh new Django project:
# models.py
class Client(models.Model):
name = models.CharField("name", max_length=100)
class Invoice(models.Model):
client = models.ForeignKey(Client, models.CASCADE, null=False)
number = models.CharField("number", max_length=100)
# admin.py
@admin.register(models.Invoice)
class InvoiceAdmin(admin.ModelAdmin):
pass # note that no list_filters is defined
The URL /admin/core/invoice/?client=1
in local:
- returns a 200, with proper results in Django 4.2.9
- returns a 200, with proper results in Django 5.0.0
- returns a 500, from the exception below in Django 5.0.1
The exception raised in Django 5.0.1:
File "<VENV>/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
^^^^^^^^^^^^^^^^^^^^^
[...]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 1981, in changelist_view
cl = self.get_changelist_instance(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 862, in get_changelist_instance
return ChangeList(
^^^^^^^^^^^
File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 144, in __init__
self.queryset = self.get_queryset(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 539, in get_queryset
) = self.get_filters(request)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 193, in get_filters
raise DisallowedModelAdminLookup(f"Filtering by {key} not allowed")
django.contrib.admin.exceptions.DisallowedModelAdminLookup: Filtering by client not allowed
The URL /admin/core/invoice/?number=ABC
works in the three versions with the same behaviour each time (make an exact match on the charfield)
Thanks for the report!
Regression in f80669d2f5a5f1db9e9b73ca893fefba34f955e7.