| Age | Commit message (Collapse) | Author |
|
Co-authored-by: Jacob Walls <jacobtylerwalls@gmail.com>
|
|
When we adjusted UNKNOWN handling for CheckConstraint in refs #33996 we assumed
that all usage of Q.check would benefit from this approach.
However while CHECK constraints enforcement do ignore conditions involving NULL
that resolve to UNKNOWN it's not the case for other type of constraints such as
UNIQUE ones.
Given how UNKNOWN should be treated depends on the callers context it appears
that a better strategy for COALESCE wrapping is to force them to apply it if
necessary.
Thanks Drew Shapiro for the report.
|
|
Added new constant django.db.models.fields.BLANK_CHOICE_LABEL for
an accessible and translatable blank choice label in forms.
Deprecated django.db.models.fields.BLANK_CHOICE_DASH constant.
Added the immediately deprecated transitional setting
USE_BLANK_CHOICE_DASH.
Co-Authored-By: Marijke Luttekes <mail@marijkeluttekes.dev>
|
|
This is a more attractive target for alteration than all of QuerySet.__init__().
|
|
and random order_by strings.
Run this example:
```python
User.objects.values("is_staff").annotate(latest=Max("date_joined")).order_by("-latest").count()
```
You should see the following exception:
```
django.core.exceptions.FieldError: Cannot resolve keyword '-latest' into field.
```
Regression in 2ce5cb0f7a4618dfdc5f5c10e53e2e9b9543d298.
|
|
|
|
|
|
|
|
|
|
managers and related_names.
Clashes were only detected for self-referential relationships, i.e. ForeignKey("self").
Refs #22977. Bug in 6888375c53476011754f778deabc6cdbfa327011.
Thanks JaeHyuckSa for the thorough review!
|
|
Thanks Simon Charette and Tim Graham for reviews, and Jason Hall for a
prior iteration.
|
|
|
|
It has been superseded with .quote_name(), which ensures aliases are
always quoted.
|
|
This ensures all database identifiers are quoted independently of their orign
and most importantly that user provided aliases through annotate() and alias()
which paves the way for dropping the allow list of characters such aliases can
contain.
This will require adjustments to raw SQL interfaces such as RawSQL that might
make reference to ORM managed annotations as these will now be quoted.
The `SQLCompiler.quote_name_unless_alias` method is kept for now as an alias
for the newly introduced `.quote_name` method but will be duly deprecated in
a follow up commit.
|
|
This avoids two isinstance() calls per UUID value.
|
|
Oracle.
|
|
|
|
get_placeholder_sql.
The lack of ability of the get_placeholder call chain to return SQL and
parameters separated so they can be mogrified by the backend at execution time
forced implementations to dangerously interpolate potentially user controlled
values.
The get_placeholder_sql name was chosen due to its proximity to the previous
method, but other options such as Field.as_sql were considered but ultimately
rejected due to its different input signature compared to Expression.as_sql
that might have lead to confusion.
There is a lot of overlap between what Field.get_db_prep_value and
get_placeholder_sql do but folding the latter in the former would require
changing its return signature to return expression which is a way more invasive
change than what is proposed here.
Given we always call get_db_prep_value it might still be an avenue worth
exploring in the future to offer a publicly documented interface to allow field
to take an active part in the compilation chain.
Thanks Jacob for the review.
|
|
|
|
provided.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
|
|
manager.get_queryset() always returns freshly instantiated per-instance
QuerySet which doesn't need subsequent cloning.
Based on work originally done by Anssi Kääriäinen and Tim Graham.
|
|
Multiple calls are idempotent assuming they're balanced. Also, multiple
calls to disable cloning followed by a single call to re-enable cloning
will subsequently cause clones to occur - it is not a stack, just a
toggle.
@contextlib.contextmanager is intentionally not used for performance
reasons:
- decorator takes 1.1µs to execute, or 2µs if used correctly in a
`with ...:` statement
- custom class takes 300ns to execute, or 900ns if used correctly in a
`with ...:` statement
Based on work originally done by Anssi Kääriäinen and Tim Graham.
|
|
|
|
It's useful on MongoDB.
|
|
|
|
Needed on MongoDB.
|
|
|
|
Thanks Simon Charette for the idea.
|
|
deferred annotations.
Provide a wrapper for safe introspection of user functions on Python 3.14+.
Follow-up to 601914722956cc41f1f2c53972d669ddee6ffc04.
|
|
default delimiter.
|
|
|
|
|
|
contain periods.
This prevents failures at the database layer, given that aliases in the
ON clause are not quoted.
Systematically quoting aliases even in FilteredRelation is tracked in
https://code.djangoproject.com/ticket/36795.
|
|
with periods.
Before, `order_by()` treated a period in a field name as a sign that it
was requested via `.extra(order_by=...)` and thus should be passed
through as raw table and column names, even if `extra()` was not used.
Since periods are permitted in aliases, this meant user-controlled
aliases could force the `order_by()` clause to resolve to a raw table
and column pair instead of the actual target field for the alias.
In practice, only `FilteredRelation` was affected, as the other
expressions we tested, e.g. `F`, aggressively optimize away the ordering
expressions into ordinal positions, e.g. ORDER BY 2, instead of ORDER BY
"table".column.
Thanks Solomon Kebede for the report, and Simon Charette and Jake Howard
for reviews.
|
|
control characters.
Control characters in FilteredRelation column aliases could be used for
SQL injection attacks. This affected QuerySet.annotate(), aggregate(),
extra(), values(), values_list(), and alias() when using dictionary
expansion with **kwargs.
Thanks Solomon Kebede for the report, and Simon Charette, Jacob Walls,
and Natalia Bidart for reviews.
|
|
Regression in 94680437a45a71c70ca8bd2e68b72aa1e2eff337. Refs #27222.
During INSERT operations, `field.pre_save()` is called to prepare values
for db insertion. The `add` param must be `True` for `auto_now_add`
fields to be populated. The regression commit passed `False`, causing
`auto_now_add` fields to remain `None` when used by other fields, such
as `upload_to` callables.
Thanks Ran Benita for the report.
|
|
Thanks Bob Kline for the review.
|
|
https://github.com/psf/black/releases/tag/26.1.0
|
|
values()/values_list() calls.
Signed-off-by: JaeHyuck Sa <wogur981208@gmail.com>
|
|
Signed-off-by: JaeHyuck Sa <wogur981208@gmail.com>
|
|
Co-authored-by: Simon Charette <charette.s@gmail.com>
|
|
Create and share a single instance of `DatabaseDefault` instead of making a new
one each time the lambda is called. The quick benchmark on the ticket shows a
~12% speedup for a large `bulk_create()` operation.
|
|
Thanks Adam Sołtysik for the implementation idea.
|
|
already-closed cursor.
|
|
Thanks Tim Graham for the suggestion.
|
|
Signed-off-by: JaeHyuck Sa <wogur981208@gmail.com>
|
|
Thanks Jacob Walls for the report.
|
|
The null argument has no effect on GeneratedField since the nullability
of the column depends on the database and expression used.
|
|
By trading ValueError for TypeError for omitted name arguments,
we gain a little clarity.
|
|
|