#30702: Form leaks all objects of model -------------------------------------+------------------------------------- Reporter: Kevin | Owner: nobody Olbrich | Type: Bug | Status: new Component: Forms | Version: 2.2 Severity: Normal | Keywords: form, forms, Triage Stage: | queryset Unreviewed | Has patch: 0 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 0 UI/UX: 0 | -------------------------------------+------------------------------------- Hi!
During development I had to filter the possible values in my form based on the logged in user: {{{ class DomainRegisterForm(UserKwargModelFormMixin, forms.Form): domain = forms.CharField(label='Domain', max_length=100) customer = forms.ModelChoiceField(queryset=MdatCustomers.objects.none()) def __init__(self, *args, **kwargs): super(DomainRegisterForm, self).__init__(*args, **kwargs) self.fields['customer'].queryset = MdatCustomers.objects.filter(mdatmultitenancyusers__user=self.user) }}} UserKwargModelFormMixin is from django-braces and simply does pull the user from the request: {{{ class UserKwargModelFormMixin(object): """ Generic model form mixin for popping user out of the kwargs and attaching it to the instance. This mixin must precede forms.ModelForm/forms.Form. The form is not expecting these kwargs to be passed in, so they must be popped off before anything else is done. """ def __init__(self, *args, **kwargs): self.user = kwargs.pop("user", None) # Pop the user off the # passed in kwargs. super(UserKwargModelFormMixin, self).__init__(*args, **kwargs) }}} The values are shown correctly on first load of the form. I can choose the value and send it. I've met two issues with this: 1) After submit of the form, I get an "invalid_choice" error. The value I'd chosen is then filtered from the queryset even if it was valid. 2) The queryset is not filtered anymore, it shows ALL values (like: MdatCustomers.objects.all() ). As I use this to give a user access to multiple companies, I absolutely don't want them to browse all ;-) I did some research in the code but was unable to spot where this happens. Kind regards Kevin -- Ticket URL: <https://code.djangoproject.com/ticket/30702> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/056.c0ab06e9e77c5a59bf106465a0d4aa95%40djangoproject.com.