diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-01-28 14:08:25 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-01-28 14:08:25 +0000 |
| commit | c24bdf044ba23f2aa09ea4637a368ea86fd1c128 (patch) | |
| tree | 9e9afcb8dc6803205570e5e047539537528b9ea8 /django/contrib/admin/options.py | |
| parent | 22eaf77f9d3541e007d3e1b6292710bb6a016dff (diff) | |
Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report.
This patch also fixes some unicode bugs in affected code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/admin/options.py')
| -rw-r--r-- | django/contrib/admin/options.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py index 4ad21eb42b..db445247d2 100644 --- a/django/contrib/admin/options.py +++ b/django/contrib/admin/options.py @@ -205,7 +205,16 @@ class BaseModelAdmin(object): qs = qs.order_by(*ordering) return qs - def lookup_allowed(self, lookup): + def lookup_allowed(self, lookup, value): + model = self.model + # Check FKey lookups that are allowed, so that popups produced by + # ForeignKeyRawIdWidget, on the basis of ForeignKey.limit_choices_to, + # are allowed to work. + for l in model._meta.related_fkey_lookups: + for k, v in widgets.url_params_from_lookup_dict(l).items(): + if k == lookup and v == value: + return True + parts = lookup.split(LOOKUP_SEP) # Last term in lookup is a query term (__exact, __startswith etc) @@ -217,7 +226,6 @@ class BaseModelAdmin(object): # if foo has been specificially included in the lookup list; so # drop __id if it is the last part. However, first we need to find # the pk attribute name. - model = self.model pk_attr_name = None for part in parts[:-1]: field, _, _, _ = model._meta.get_field_by_name(part) |
