#4189: Fix for COMMENTS_BANNED_USERS_GROUP exploding the ORM when using the
templatetag.
----------------------------------------------------------+-----------------
Reporter: Brett Hoerner <[EMAIL PROTECTED]> | Owner: adrian
Status: new | Component:
django.contrib.comments
Version: 0.96 | Keywords:
comments, COMMENTS_BANNED_USERS_GROUP
Stage: Unreviewed | Has_patch: 1
----------------------------------------------------------+-----------------
Using Django comments with COMMENTS_BANNED_USERS_GROUP drops you into the
following branch:
{{{
if not self.free and settings.COMMENTS_BANNED_USERS_GROUP:
kwargs['select'] = {'is_hidden': 'user_id IN (SELECT user_id FROM
auth_user_groups WHERE group_id = %s)' %
settings.COMMENTS_BANNED_USERS_GROUP}
comment_list = get_list_function(**kwargs).order_by(self.ordering +
'submit_date').select_related()
}}}
Which in turn shoves the kwarg 'select' into a filter function, thus
making the ORM puke violently. A patch is attached:
{{{
comment_list = get_list_function(**kwargs).order_by(self.ordering +
'submit_date').select_related()
if not self.free and settings.COMMENTS_BANNED_USERS_GROUP:
comment_list = comment_list.extra(select={'is_hidden': 'user_id IN
(SELECT user_id FROM auth_user_groups WHERE group_id = %s)' %
settings.COMMENTS_BANNED_USERS_GROUP})
}}}
Also, the Comment/FreeComment models' get_absolute_url() methods can cause
a site to fail loudly if an object is erased and latest comments are still
referred to. An example is a "latest comments" rail showing comments on
different objects. If one of the objects is removed the following code
will cause a rendering error, instead of failing silently.
(get_content_object returns None and then get_absolute_url explodes)
{{{
def get_absolute_url(self):
return self.get_content_object().get_absolute_url() + "#c" +
str(self.id)
}}}
This is a problem because non-developers (template creators and/or admin
users) can bring a site to a halt using comments (I believe Django prefers
templates to fail silently instead of loudly when they can), I recommend a
safe/harmless change such as this:
{{{
def get_absolute_url(self):
try:
return self.get_content_object().get_absolute_url() + "#c" +
str(self.id)
except AttributeError:
return ""
}}}
--
Ticket URL: <http://code.djangoproject.com/ticket/4189>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
