Opened 11 months ago
Last modified 11 months ago
#35087 closed Bug
DisallowedModelAdminLookup raised when filtering on a ForeignKey not listed in list_filters — at Version 1
Reported by: | Maxime Lorant | Owned by: | nobody |
---|---|---|---|
Component: | contrib.admin | Version: | 5.0 |
Severity: | Release blocker | Keywords: | admin filters foreignkey |
Cc: | Sarah Boyce | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Since Django 5.0.1, the exception DisallowedModelAdminLookup
is raised when I'm trying to filter a list in the Django admin with a foreign key attribute not listed in list_filters
. It looks like a regression from #35020, but I'm not exactly sure at 100 %. The exception is not raised when I'm filtering against a foreign key attribute listed in list_filters
neither for a standard CharField not listed. Using the following simple example, on a fresh new Django project:
# models.py class Client(models.Model): name = models.CharField("name", max_length=100) class Invoice(models.Model): client = models.ForeignKey(Client, models.CASCADE, null=False) number = models.CharField("number", max_length=100) # admin.py @admin.register(models.Invoice) class InvoiceAdmin(admin.ModelAdmin): pass # note that no list_filters is defined
The URL /admin/core/invoice/?client=1
in local:
- returns a 200, with proper results in Django 4.2.9
- returns a 200, with proper results in Django 5.0.0
- returns a 500, from the exception below in Django 5.0.1
The exception raised in Django 5.0.1:
File "<VENV>/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner response = get_response(request) ^^^^^^^^^^^^^^^^^^^^^ [...] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 1981, in changelist_view cl = self.get_changelist_instance(request) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 862, in get_changelist_instance return ChangeList( ^^^^^^^^^^^ File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 144, in __init__ self.queryset = self.get_queryset(request) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 539, in get_queryset ) = self.get_filters(request) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 193, in get_filters raise DisallowedModelAdminLookup(f"Filtering by {key} not allowed") django.contrib.admin.exceptions.DisallowedModelAdminLookup: Filtering by client not allowed
The URL /admin/core/invoice/?number=ABC
works in the three versions with the same behaviour each time (make an exact match on the charfield)