diff options
author | sarahboyce <sarahvboyce95@gmail.com> | 2023-04-13 11:46:47 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2023-04-17 14:09:38 +0200 |
commit | 594fcc2b7427f7baf2cf1a2d7cd2be61467df0c3 (patch) | |
tree | 9406ab96668239a7fbdee33f2efb93592db22b36 /docs | |
parent | 57f2b935b34d148c3c0d906fc8256765004b7b77 (diff) | |
download | django-594fcc2b7427f7baf2cf1a2d7cd2be61467df0c3.tar.gz |
Fixed #22569 -- Made ModelAdmin.lookup_allowed() respect get_list_filter().
Thank you Simon Meers for the initial patch.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/internals/deprecation.txt | 3 | ||||
-rw-r--r-- | docs/ref/contrib/admin/index.txt | 15 | ||||
-rw-r--r-- | docs/releases/5.0.txt | 4 |
3 files changed, 17 insertions, 5 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index b151020375..168a5572c6 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -21,6 +21,9 @@ details on these changes. * Support for passing positional arguments to ``BaseConstraint`` will be removed. +* ``request`` will be required in the signature of + ``ModelAdmin.lookup_allowed()`` subclasses. + .. _deprecation-removed-in-5.1: 5.1 diff --git a/docs/ref/contrib/admin/index.txt b/docs/ref/contrib/admin/index.txt index e856f0b640..636d44c750 100644 --- a/docs/ref/contrib/admin/index.txt +++ b/docs/ref/contrib/admin/index.txt @@ -1845,7 +1845,7 @@ templates used by the :class:`ModelAdmin` views: kwargs["formset"] = MyAdminFormSet return super().get_changelist_formset(request, **kwargs) -.. method:: ModelAdmin.lookup_allowed(lookup, value) +.. method:: ModelAdmin.lookup_allowed(lookup, value, request) The objects in the changelist page can be filtered with lookups from the URL's query string. This is how :attr:`list_filter` works, for example. The @@ -1855,10 +1855,11 @@ templates used by the :class:`ModelAdmin` views: unauthorized data exposure. The ``lookup_allowed()`` method is given a lookup path from the query string - (e.g. ``'user__email'``) and the corresponding value - (e.g. ``'user@example.com'``), and returns a boolean indicating whether - filtering the changelist's ``QuerySet`` using the parameters is permitted. - If ``lookup_allowed()`` returns ``False``, ``DisallowedModelAdminLookup`` + (e.g. ``'user__email'``), the corresponding value + (e.g. ``'user@example.com'``), and the request, and returns a boolean + indicating whether filtering the changelist's ``QuerySet`` using the + parameters is permitted. If ``lookup_allowed()`` returns ``False``, + ``DisallowedModelAdminLookup`` (subclass of :exc:`~django.core.exceptions.SuspiciousOperation`) is raised. By default, ``lookup_allowed()`` allows access to a model's local fields, @@ -1870,6 +1871,10 @@ templates used by the :class:`ModelAdmin` views: Override this method to customize the lookups permitted for your :class:`~django.contrib.admin.ModelAdmin` subclass. + .. versionchanged:: 5.0 + + The ``request`` argument was added. + .. method:: ModelAdmin.has_view_permission(request, obj=None) Should return ``True`` if viewing ``obj`` is permitted, ``False`` otherwise. diff --git a/docs/releases/5.0.txt b/docs/releases/5.0.txt index 0d1e7ffda1..934da1bba9 100644 --- a/docs/releases/5.0.txt +++ b/docs/releases/5.0.txt @@ -387,6 +387,10 @@ Miscellaneous :class:`~django.db.models.BaseConstraint` is deprecated in favor of keyword-only arguments. +* ``request`` is added to the signature of :meth:`.ModelAdmin.lookup_allowed`. + Support for ``ModelAdmin`` subclasses that do not accept this argument is + deprecated. + Features removed in 5.0 ======================= |