#22828: Model admins should return copies of its attributes
-------------------------------+--------------------
     Reporter:  vzima          |      Owner:  nobody
         Type:  Bug            |     Status:  new
    Component:  contrib.admin  |    Version:  master
     Severity:  Normal         |   Keywords:
 Triage Stage:  Unreviewed     |  Has patch:  0
Easy pickings:  0              |      UI/UX:  0
-------------------------------+--------------------
 I found out there is a hidden problem in `ModelAdmin`s. Getters return
 the attributes directly and not their copies. This has a hidden danger in
 cases when you override the getters. You can easily change the
 configuration of the model admin.

 Example:
 {{{
 #!python
 from django.contrib.admin.options import BaseModelAdmin
 class MyAdmin(BaseModelAdmin):
     readonly_fields = ['foo', ]

 admin = MyAdmin()
 rf = admin.get_readonly_fields(None)
 # For example, but it can very easily happen in the method override.
 rf.append('bar')
 MyAdmin.readonly_fields #>>> ['foo', 'bar']
 }}}

 === Affected attributes ===
  * fieldsets
  * fields
  * ordering
  * readonly_fields
  * prepopulated_fields
  * list_display
  * list_display_links
  * list_filter
  * search_fields


 Django should return copies in getters of these attributes to avoid
 unwanted changes of the `ModelAdmin` at runtime.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/22828>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
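
An added example, not part of the ticket or of Django's code: it shows how the in-place mutation reported above leaks between requests when a getter override appends to the returned list, next to an override that copies first, plus a drift check for the class attribute. `StandInAdmin`, `LeakyAdmin`, `SafeAdmin`, the dict-shaped `request` and the helper names are assumptions made for illustration; no Django import is needed.

```python
import copy

class StandInAdmin:
    """Plain-Python stand-in for the getter pattern in the ticket."""
    readonly_fields = ['foo']

    def get_readonly_fields(self, request):
        # Returns the class-level list itself, not a copy.
        return self.readonly_fields

class LeakyAdmin(StandInAdmin):
    readonly_fields = ['foo']

    def get_readonly_fields(self, request):
        fields = super().get_readonly_fields(request)
        if not request.get('is_superuser'):
            fields.append('bar')  # mutates LeakyAdmin.readonly_fields in place
        return fields

class SafeAdmin(StandInAdmin):
    readonly_fields = ['foo']

    def get_readonly_fields(self, request):
        fields = list(super().get_readonly_fields(request))  # defensive copy
        if not request.get('is_superuser'):
            fields.append('bar')
        return fields

WATCHED = ('readonly_fields',)  # extend with the other affected attributes

def snapshot(admin_cls):
    """Deep-copy the watched class attributes as a baseline."""
    return {name: copy.deepcopy(getattr(admin_cls, name)) for name in WATCHED}

def drifted(admin_cls, baseline):
    """Names of watched attributes whose value no longer matches the baseline."""
    return [name for name in WATCHED if getattr(admin_cls, name) != baseline[name]]

def simulate(admin_cls):
    """Serve a staff request, then a superuser request (constructed inputs)."""
    baseline = snapshot(admin_cls)
    admin = admin_cls()
    admin.get_readonly_fields({'is_superuser': False})
    seen_by_superuser = list(admin.get_readonly_fields({'is_superuser': True}))
    return seen_by_superuser, drifted(admin_cls, baseline)

if __name__ == '__main__':
    print('leaky:', simulate(LeakyAdmin))
    print('safe: ', simulate(SafeAdmin))
```

The snapshot-and-compare pair can run in a test suite around admin views to catch overrides that mutate class-level configuration.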
