Re: [Django] #15103: Django 1.2.4 breaks limit_choices_to for raw_id_fields

[Django]

#15103: Django 1.2.4 breaks limit_choices_to for raw_id_fields
-------------------------------------------+--------------------------------
          Reporter:  natrius               |         Owner:  nobody             
               
            Status:  new                   |     Milestone:  1.3                
               
         Component:  django.contrib.admin  |       Version:  1.2                
               
        Resolution:                        |      Keywords:  blocker regression 
send_mail email
             Stage:  Accepted              |     Has_patch:  0                  
               
        Needs_docs:  0                     |   Needs_tests:  0                  
               
Needs_better_patch:  0                     |  
-------------------------------------------+--------------------------------
Comment (by russellm):

 @luke,

 Fair point about being explicit, but (using the Holiday/Tour/Person models
 as an example):

 This whole filtering issue arises because a HolidayAdmin with
 raw_id_fields=('tour',) requires the ability to filter Tours based on
 leader!__status. However, the existence of the raw_id_fields clause
 requires that there is a registered TourAdmin anyway... which means that
 the user that you're restricting access to can already see *all* the Tour
 data. Ok, they may not be able to filter based on leader status, but data
 access is hardly a concern.

 I haven't been able to construct an example case where an implied
 limit_choices_to filter is required, where the data visibility implied by
 that filter exceeds that already required in order to make the admin work.

 The only way I can see that the value *might* be important (and this is
 looking longer term) is with per-object permissions -- especially if we
 start looking at "view" permissions. However, my gut tells me that this is
 something that should be handled as at the queryset level of the
 ModelAdmin, not as a 'allowed filter' check.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15103#comment:8>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.