Opened 8 years ago

Closed 8 years ago

Last modified 5 years ago

#7666 closed (fixed)

Default managers should not restrict access to single related objects

Reported by: jkocherhans Owned by: Jacob
Component: Database layer (models, ORM) Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

We currently use the default manager when looking up a single related object, but this can make the related object inaccessible. See the attached test for details.

Attachments (2)

7666-failing-test.diff (1.5 KB) - added by jkocherhans 8 years ago.
7666.patch (2.5 KB) - added by noodslane 8 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 Changed 8 years ago by jkocherhans

Triage Stage: UnreviewedDesign decision needed

Changed 8 years ago by jkocherhans

Attachment: 7666-failing-test.diff added

Changed 8 years ago by noodslane

Attachment: 7666.patch added

comment:2 Changed 8 years ago by noodslane

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:3 Changed 8 years ago by noodslane

Has patch: set

Simple patch; does not address Ivan Sagalaev's concerns in the django-dev thread.

comment:4 Changed 8 years ago by nicklane

Triage Stage: Design decision neededAccepted

Changed to accepted based on previous comments on django-dev.

For reference: http://groups.google.com/group/django-developers/browse_thread/thread/619f44e1ae68da1a/c94c12f5db53c1a1

comment:5 Changed 8 years ago by Jacob

Owner: changed from nobody to Jacob
Status: newassigned

comment:6 Changed 8 years ago by Jacob

Resolution: fixed
Status: assignedclosed

(In [8017]) FIxed #7666: use a bare queryset when accessing single related objects so that the related objects never become inaccessible.

comment:7 Changed 8 years ago by magneto

Resolution: fixed
Status: closedreopened

Yikes guys

this change, effectively kills "get" overloading in Managers

i can think of a million reasons way this is necessary,
caching these 'gets' in some local/thread/memcached world
'special gets' (deleted flags and permissions)
database sharding, etc, etc

i hope y'all re think this before Versions 1, so i'm reopening this as since the 'QuerySet' approach you took has no ability to be overloaded

comment:8 Changed 8 years ago by ElliottM

Resolution: fixed
Status: reopenedclosed

The problem described in the ticket is fixed, please create a new ticket for the new problem.

comment:9 Changed 5 years ago by Jacob

milestone: 1.0 alpha

Milestone 1.0 alpha deleted

Note: See TracTickets for help on using tickets.
Back to Top