Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#7666 closed (fixed)

Default managers should not restrict access to single related objects

Reported by: jkocherhans Owned by: jacob
Component: Database layer (models, ORM) Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

We currently use the default manager when looking up a single related object, but this can make the related object inaccessible. See the attached test for details.

Attachments (2)

7666-failing-test.diff (1.5 KB) - added by jkocherhans 7 years ago.
7666.patch (2.5 KB) - added by noodslane 7 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 Changed 7 years ago by jkocherhans

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

Changed 7 years ago by jkocherhans

Changed 7 years ago by noodslane

comment:2 Changed 7 years ago by noodslane

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:3 Changed 7 years ago by noodslane

  • Has patch set

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:4 Changed 7 years ago by nicklane

  • Triage Stage changed from Design decision needed to Accepted

Changed to accepted based on previous comments on django-dev.

For reference: http://groups.google.com/group/django-developers/browse_thread/thread/619f44e1ae68da1a/c94c12f5db53c1a1

comment:5 Changed 7 years ago by jacob

  • Owner changed from nobody to jacob
  • Status changed from new to assigned

comment:6 Changed 7 years ago by jacob

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [8017]) FIxed #7666: use a bare queryset when accessing single related objects so that the related objects never become inaccessible.

comment:7 Changed 7 years ago by magneto

  • Resolution fixed deleted
  • Status changed from closed to reopened

Yikes guys

this change, effectively kills "get" overloading in Managers

i can think of a million reasons way this is necessary,
caching these 'gets' in some local/thread/memcached world
'special gets' (deleted flags and permissions)
database sharding, etc, etc

i hope y'all re think this before Versions 1, so i'm reopening this as since the 'QuerySet' approach you took has no ability to be overloaded

comment:8 Changed 7 years ago by ElliottM

  • Resolution set to fixed
  • Status changed from reopened to closed

The problem described in the ticket is fixed, please create a new ticket for the new problem.

comment:9 Changed 4 years ago by jacob

  • milestone 1.0 alpha deleted

Milestone 1.0 alpha deleted

Note: See TracTickets for help on using tickets.
Back to Top