Opened 11 months ago

Last modified 11 months ago

#35087 closed Bug

DisallowedModelAdminLookup raised when filtering on a ForeignKey not listed in list_filters — at Version 1

Reported by: Maxime Lorant Owned by: nobody
Component: contrib.admin Version: 5.0
Severity: Release blocker Keywords: admin filters foreignkey
Cc: Sarah Boyce Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Maxime Lorant)

Since Django 5.0.1, the exception DisallowedModelAdminLookup is raised when I'm trying to filter a list in the Django admin with a foreign key attribute not listed in list_filters. It looks like a regression from #35020, but I'm not exactly sure at 100 %. The exception is not raised when I'm filtering against a foreign key attribute listed in list_filters neither for a standard CharField not listed. Using the following simple example, on a fresh new Django project:

# models.py
class Client(models.Model):
    name = models.CharField("name", max_length=100)

class Invoice(models.Model):
    client = models.ForeignKey(Client, models.CASCADE, null=False)
    number = models.CharField("number", max_length=100)

# admin.py
@admin.register(models.Invoice)
class InvoiceAdmin(admin.ModelAdmin):
    pass   # note that no list_filters is defined 

The URL /admin/core/invoice/?client=1 in local:

  • returns a 200, with proper results in Django 4.2.9
  • returns a 200, with proper results in Django 5.0.0
  • returns a 500, from the exception below in Django 5.0.1

The exception raised in Django 5.0.1:

  File "<VENV>/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  [...]
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 1981, in changelist_view
    cl = self.get_changelist_instance(request)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/options.py", line 862, in get_changelist_instance
    return ChangeList(
           ^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 144, in __init__
    self.queryset = self.get_queryset(request)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 539, in get_queryset
    ) = self.get_filters(request)
        ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<VENV>/lib/python3.12/site-packages/django/contrib/admin/views/main.py", line 193, in get_filters
    raise DisallowedModelAdminLookup(f"Filtering by {key} not allowed")
django.contrib.admin.exceptions.DisallowedModelAdminLookup: Filtering by client not allowed

The URL /admin/core/invoice/?number=ABC works in the three versions with the same behaviour each time (make an exact match on the charfield)

Change History (1)

comment:1 by Maxime Lorant, 11 months ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top