#28262: Using lookup with autocreated fields crashes django admin
-------------------------------------+-------------------------------------
Reporter: Michal Dabski | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: 1.11
Severity: Normal | Resolution:
Keywords: | Triage Stage:
admin,lookup_allowed | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Michal Dabski:
Old description:
> Consider the following models:
>
> {{{
> class AuditSession(Model):
> auditor = models.ForeignKey(User)
>
> class Institution(BaseModel):
> name = models.CharField(max_length=100)
>
> class Auditor(BaseModel):
> user = models.OneToOneField(User)
> institution = models.ForeignKey(Institution, null=True, blank=True)
> }}}
>
> And the following filter in audit session admin:
> {{{
> class AuditSessionAdmin(ModelAdmin):
> list_filter = (
> ('auditor__auditor__institution'),
> )
> }}}
>
> As of Django version 1.9 up to the latest release 1.11.1, the above
> lookup will raise server error when used by raising
> `DisallowedModelAdminLookup (Filtering by
> auditor__auditor__institution__id__exact not allowed)`. This is because
> the lookup uses reverse relation between User and Auditor model.
>
> This lookup passes checks and only crashes when user tries to use the
> filter. I could not find the reasoning behind the implementation of
> lookup_allowed and why it would forbid using reverse relations. Nor could
> I find any documentation for this change in 1.9 release notes.
> I have recently upgraded from django 1.8 where this lookup worked
> perfectly fine.
New description:
Consider the following models:
{{{
class AuditSession(Model):
auditor = models.ForeignKey(User)
class Institution(Model):
name = models.CharField(max_length=100)
class Auditor(Model):
user = models.OneToOneField(User)
institution = models.ForeignKey(Institution, null=True, blank=True)
}}}
And the following filter in audit session admin:
{{{
class AuditSessionAdmin(ModelAdmin):
list_filter = (
('auditor__auditor__institution'),
)
}}}
As of Django version 1.9 up to the latest release 1.11.1, the above lookup
will raise server error when used by raising `DisallowedModelAdminLookup
(Filtering by auditor__auditor__institution__id__exact not allowed)`. This
is because the lookup uses reverse relation between User and Auditor
model.
This lookup passes checks and only crashes when user tries to use the
filter. I could not find the reasoning behind the implementation of
lookup_allowed and why it would forbid using reverse relations. Nor could
I find any documentation for this change in 1.9 release notes.
I have recently upgraded from django 1.8 where this lookup worked
perfectly fine.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/28262#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.7d3d75d085d47fb493cea2a63ef94438%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
