Opened 16 years ago

Closed 16 years ago

Last modified 12 years ago

#7666 closed (fixed)

Default managers should not restrict access to single related objects

Reported by: jkocherhans Owned by: Jacob
Component: Database layer (models, ORM) Version: dev
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

We currently use the default manager when looking up a single related object, but this can make the related object inaccessible. See the attached test for details.

Attachments (2)

7666-failing-test.diff (1.5 KB ) - added by jkocherhans 16 years ago.
7666.patch (2.5 KB ) - added by noodslane 16 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 by jkocherhans, 16 years ago

Triage Stage: UnreviewedDesign decision needed

by jkocherhans, 16 years ago

Attachment: 7666-failing-test.diff added

by noodslane, 16 years ago

Attachment: 7666.patch added

comment:2 by noodslane, 16 years ago

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:3 by noodslane, 16 years ago

Has patch: set

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:4 by nicklane, 16 years ago

Triage Stage: Design decision neededAccepted

Changed to accepted based on previous comments on django-dev.

For reference: http://groups.google.com/group/django-developers/browse_thread/thread/619f44e1ae68da1a/c94c12f5db53c1a1

comment:5 by Jacob, 16 years ago

Owner: changed from nobody to Jacob
Status: newassigned

comment:6 by Jacob, 16 years ago

Resolution: fixed
Status: assignedclosed

(In [8017]) FIxed #7666: use a bare queryset when accessing single related objects so that the related objects never become inaccessible.

comment:7 by magneto, 16 years ago

Resolution: fixed
Status: closedreopened

Yikes guys

this change, effectively kills "get" overloading in Managers

i can think of a million reasons way this is necessary,
caching these 'gets' in some local/thread/memcached world
'special gets' (deleted flags and permissions)
database sharding, etc, etc

i hope y'all re think this before Versions 1, so i'm reopening this as since the 'QuerySet' approach you took has no ability to be overloaded

comment:8 by ElliottM, 16 years ago

Resolution: fixed
Status: reopenedclosed

The problem described in the ticket is fixed, please create a new ticket for the new problem.

comment:9 by Jacob, 12 years ago

milestone: 1.0 alpha

Milestone 1.0 alpha deleted

Note: See TracTickets for help on using tickets.
Back to Top