Opened 17 years ago
Closed 17 years ago
#5913 closed (fixed)
Newforms ModelChoiceField and ModelMultipleChoiceField accepting invalid choices when cleaning
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Forms | Version: | dev |
| Severity: | Keywords: | newforms, clean | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In this fields clean() method there is no validation if the returned object is actually in the valid choices if the queryset is filtered somehow
class ModelChoiceField(ModelChoiceField): ... def clean(self, value): Field.clean(self, value) if value in ('', None): return None try: value = self.queryset.model._default_manager.get(pk=value) except self.queryset.model.DoesNotExist: raise ValidationError(ugettext(u'Select a valid choice. That choice is not one of the available choices.')) return value
Here we check only if there is an instance of that model with pk=value, but not if this object is a valid choice given the queryset
Here is an example lets say we have a model TestModel with attribute test_attribute which is BooleanField:
>>> from django.newforms.models import ModelChoiceField >>> from testapp.models import TestModel >>> ins_1 = TestModel._default_manager.create(test_attribute=True) >>> ins_2 = TestModel._default_manager.create(test_attribute=False) >>> field = ModelChoiceField(queryset=TestModel._default_manager.filter(test_attribute=True)) >>> field.clean(ins_1._get_pk_value()) <TestModel: test_attribute - True> # or something like that >>> field.clean(ins_2._get_pk_value()) <TestModel: test_attribute - False> # this is not a valid choice but it is cleaned like it is
I provide a patch its simple but probably not the best option its for ModelChoiceField only but its the same for the multiple field
Attachments (1)
Change History (4)
by , 17 years ago
| Attachment: | model_choice_field.patch added |
|---|
comment:1 by , 17 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
This falls under the same functionality that #4787 is wanting to give to ModelChoiceField and ModelMultipleChoiceField. Marking as duplicate. Perhaps you can write a better patch that includes this and attach it there?
comment:2 by , 17 years ago
| Resolution: | duplicate |
|---|---|
| Status: | closed → reopened |
| Triage Stage: | Unreviewed → Accepted |
Let's keep the issues separate please.
comment:3 by , 17 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
(In [6670]) Fixed #4787, #5913 -- Updating the queryset on a ModelChoiceField or ModelMultipleChoiceField now updates its widget's choices. The clean methods for ModelChoiceField and ModelMultipleChoiceField were changed to only allow choices in the specified queryset (instead of allowing all choices returned by the queryset model's default manager).
Patch