Re: [Django] #15103: Django 1.2.4 breaks limit_choices_to for raw_id_fields

[Django]

#15103: Django 1.2.4 breaks limit_choices_to for raw_id_fields
-------------------------------------------+--------------------------------
          Reporter:  natrius               |         Owner:  nobody             
               
            Status:  new                   |     Milestone:  1.3                
               
         Component:  django.contrib.admin  |       Version:  1.2                
               
        Resolution:                        |      Keywords:  blocker regression 
send_mail email
             Stage:  Accepted              |     Has_patch:  0                  
               
        Needs_docs:  0                     |   Needs_tests:  0                  
               
Needs_better_patch:  0                     |  
-------------------------------------------+--------------------------------
Comment (by lukeplant):

 I have attached a patch which fixes the issue, for another pair of eyes to
 review. For the reason given above, I have implemented it so that only the
 exact lookup specified in the limit_choices_to is allowed. The only
 problem is that this involves passing the value to the
 `ModelAdmin.lookup_allowed` method, thus changing its signature. Due to
 the breakage in 1.2.4, people are already using the lookup_allowed method
 (e.g. http://www.hoboes.com/Mimsy/hacks/fixing-django-124s-
 suspiciousoperation-filtering/ ), so we need to think what to do about
 that.

 Just using a keyword argument won't make it compatible with the example
 linked, although it would reduce comeback - we can say that you should
 always use `**kwargs` when overriding a method that isn't documented.
 Technically `lookup_allowed` it isn't documented, so we are allowed to
 change the signature. But we should at least put a note in the release
 notes, so that people don't get yet more breakage with this. Alternatively
 we could add another method like `lookup_allowed_value`, or move the added
 code to the calling method.

 I did not yet fix #14880, but I'm pretty sure that the newly extracted
 'url_params_from_lookup_dict' function is the place to do it. I did take
 the opportunity to fix various unicode bugs in the existing code (it
 produced !UnicodeDecodeError on template render if `limit_choices_to`
 contained non-ASCII chars, for example).

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15103#comment:4>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.