summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorsarahboyce <sarahvboyce95@gmail.com>2023-04-13 11:46:47 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-04-17 14:09:38 +0200
commit594fcc2b7427f7baf2cf1a2d7cd2be61467df0c3 (patch)
tree9406ab96668239a7fbdee33f2efb93592db22b36 /docs/ref
parent57f2b935b34d148c3c0d906fc8256765004b7b77 (diff)
Fixed #22569 -- Made ModelAdmin.lookup_allowed() respect get_list_filter().
Thank you Simon Meers for the initial patch.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/contrib/admin/index.txt15
1 files changed, 10 insertions, 5 deletions
diff --git a/docs/ref/contrib/admin/index.txt b/docs/ref/contrib/admin/index.txt
index e856f0b640..636d44c750 100644
--- a/docs/ref/contrib/admin/index.txt
+++ b/docs/ref/contrib/admin/index.txt
@@ -1845,7 +1845,7 @@ templates used by the :class:`ModelAdmin` views:
kwargs["formset"] = MyAdminFormSet
return super().get_changelist_formset(request, **kwargs)
-.. method:: ModelAdmin.lookup_allowed(lookup, value)
+.. method:: ModelAdmin.lookup_allowed(lookup, value, request)
The objects in the changelist page can be filtered with lookups from the
URL's query string. This is how :attr:`list_filter` works, for example. The
@@ -1855,10 +1855,11 @@ templates used by the :class:`ModelAdmin` views:
unauthorized data exposure.
The ``lookup_allowed()`` method is given a lookup path from the query string
- (e.g. ``'user__email'``) and the corresponding value
- (e.g. ``'user@example.com'``), and returns a boolean indicating whether
- filtering the changelist's ``QuerySet`` using the parameters is permitted.
- If ``lookup_allowed()`` returns ``False``, ``DisallowedModelAdminLookup``
+ (e.g. ``'user__email'``), the corresponding value
+ (e.g. ``'user@example.com'``), and the request, and returns a boolean
+ indicating whether filtering the changelist's ``QuerySet`` using the
+ parameters is permitted. If ``lookup_allowed()`` returns ``False``,
+ ``DisallowedModelAdminLookup``
(subclass of :exc:`~django.core.exceptions.SuspiciousOperation`) is raised.
By default, ``lookup_allowed()`` allows access to a model's local fields,
@@ -1870,6 +1871,10 @@ templates used by the :class:`ModelAdmin` views:
Override this method to customize the lookups permitted for your
:class:`~django.contrib.admin.ModelAdmin` subclass.
+ .. versionchanged:: 5.0
+
+ The ``request`` argument was added.
+
.. method:: ModelAdmin.has_view_permission(request, obj=None)
Should return ``True`` if viewing ``obj`` is permitted, ``False`` otherwise.