[Django] #16180: IGNORED_PARAMS customization

Django

Jun 9, 2011, 5:55:32 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
-------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------+-------------------------------
Several times you "hack" the admin interface and want to use extra GET
parameters.

Look at this example:
{{{
#!python
from django.contrib import admin


class FooModelAdmin(admin.ModelAdmin):
    # ...
    def get_list_display(self, request, extra_context=None):
        # Show only the primary key when ?hide_columns is in the query string
        if 'hide_columns' in request.GET:
            return ('pk', )
        return super(FooModelAdmin, self).get_list_display(request, extra_context)
}}}

But this is impossible because the "hide_columns" GET parameter is not
allowed for security reasons. The allowed parameters ({{{IGNORED_PARAMS}}}
global variable) are hardcoded (look at
[source:django/trunk/django/contrib/admin/views/main.py#L29 this code]).

It would be good if you could configure these parameters. I don't know if a
new setting would be good or maybe a
{{{ChangeList.get_ignored_lookup_params()}}} method to do something like
this:
{{{
#!python

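from django.contrib.admin.views.main import ChangeList


class FooChangeList(ChangeList):

    def get_ignored_lookup_params(self):
        # Extend the default ignore list with the custom GET parameter
        return super(FooChangeList, self).get_ignored_lookup_params() + ['hide_columns']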
}}}

Of course you can extend the {{{ChangeList}}} and override the
{{{ChangeList.get_lookup_params()}}} method, but it would be better to use
a special method for this useful thing.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
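
A stand-alone model of the filtering step this ticket discusses, added here as an example (it is not Django's code and not part of the ticket). The contents of `IGNORED_PARAMS`, the `DisallowedLookup` exception, the `model_fields` check and `classify()` are simplified assumptions; only `get_ignored_lookup_params()` and `hide_columns` come from the ticket.

```python
# Simplified model of the changelist query-string filter (assumption, not Django code).
IGNORED_PARAMS = ("all", "o", "ot", "q", "pop")  # constructed stand-in for the constant


class DisallowedLookup(Exception):
    """A query-string key that is neither ignored nor a lookup on a model field."""


class ChangeList:
    def __init__(self, params, model_fields):
        self.params = dict(params)
        self.model_fields = set(model_fields)

    def get_ignored_lookup_params(self):
        # Return a fresh list so subclasses can extend it without
        # touching the module-level constant shared by every admin.
        return list(IGNORED_PARAMS)

    def get_lookup_params(self):
        lookup_params = self.params.copy()
        for ignored in self.get_ignored_lookup_params():
            lookup_params.pop(ignored, None)
        # Everything left is treated as a filter, so it must name a model field.
        for key in lookup_params:
            if key.split("__", 1)[0] not in self.model_fields:
                raise DisallowedLookup(key)
        return lookup_params


class FooChangeList(ChangeList):
    def get_ignored_lookup_params(self):
        return super().get_ignored_lookup_params() + ["hide_columns"]


def classify(changelist_cls, query):
    """Return the accepted lookups, or a 'rejected: <key>' string."""
    try:
        cl = changelist_cls(query, model_fields={"name", "status"})
        return cl.get_lookup_params()
    except DisallowedLookup as exc:
        return "rejected: %s" % exc


# Constructed sample query string: ?o=1&status__exact=open&hide_columns=1
SAMPLE = {"o": "1", "status__exact": "open", "hide_columns": "1"}

if __name__ == "__main__":
    print(classify(ChangeList, SAMPLE))
    print(classify(FooChangeList, SAMPLE))
```

Adding a name to the ignore list only exempts that one key; every other key in the query string still goes through the field check.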

Django

Jun 9, 2011, 6:11:40 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------
Changes (by msaelices):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


Comment:

The little patch in the {{{django.contrib.admin.views.main}}} module would be
something like this:
{{{
#!python
ordering_fields[idx] = 'desc' if pfx == '-' else 'asc'
return ordering_fields

+ def get_ignored_lookup_params(self):
+ return IGNORED_PARAMS
+
def get_lookup_params(self, use_distinct=False):
lookup_params = self.params.copy() # a dictionary of the query
string

- for ignored in IGNORED_PARAMS:
+ for ignored in get_ignored_lookup_params():
if ignored in lookup_params:
del lookup_params[ignored]

}}}
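
Review bot: In `get_lookup_params`, the added loop calls `get_ignored_lookup_params()` as a bare name, but the hunk defines it as a method on the class, so the call raises NameError at runtime; it should read `for ignored in self.get_ignored_lookup_params():`. The new method also returns the module-level `IGNORED_PARAMS` object itself, so consider returning a copy (for example `list(IGNORED_PARAMS)`) so that a subclass extending the result cannot alter the shared constant, and add a docstring saying that names returned here are dropped from the lookup parameters.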

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:1>

Django

Jun 9, 2011, 9:41:44 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------
Changes (by nnrcschmdt):

* has_patch: 0 => 1
* stage: Unreviewed => Accepted


Comment:

Added patch.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:2>

Django

Jun 9, 2011, 10:01:05 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 1 | Needs tests: 1
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------
Changes (by russellm):

* needs_docs: 0 => 1
* needs_tests: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:3>

Django

Jun 9, 2011, 10:21:31 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 1 | Needs tests: 1
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------

Comment (by msaelices):

nnrcschmdt, I was working on this ticket. Are you working on this too?

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:4>

Django

Jun 9, 2011, 10:25:10 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 1 | Needs tests: 1
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------

Comment (by nnrcschmdt):

No, no. Go ahead.
Please set the owner to yourself.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:5>

Django

Jun 9, 2011, 12:15:51 PM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------
Changes (by msaelices):

* needs_docs: 1 => 0
* has_patch: 1 => 0
* needs_tests: 1 => 0


Comment:

I've included in the docs the
[https://code.djangoproject.com/attachment/ticket/16195/ticket_16195.diff
patch attached] to ticket #16195 because I need it to make sense.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:6>

Django

Jun 9, 2011, 11:30:25 PM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------------+-------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: contrib.admin
Version: SVN | Severity: Normal
Resolution: | Keywords:
Triage Stage: Accepted | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+-------------------------------
Changes (by melinath):

* has_patch: 0 => 1


Comment:

I attached a patch with corrections to the docs for language and for
clarity. However, I wonder if this is really the solution? Really,
shouldn't lookup_params that aren't fields on the model always be ignored?
They certainly aren't security risks the same way as other items.
get_ignored_lookup_params should only be necessary if (for some reason)
there's a conflict between the name of the lookup field you want to handle
and one of the fields on the model.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:7>

Django

Jun 11, 2013, 5:43:18 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
-------------------------------+------------------------------------
Reporter: msaelices | Owner: nobody
Type: New feature | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by Kamu):

* needs_better_patch: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:8>

Django

Dec 8, 2022, 10:25:46 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------+------------------------------------
Reporter: Manuel Saelices | Owner: nobody
Type: New feature | Status: new
Component: contrib.admin | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------

Comment (by Vaskevich Aleksander):

Is there any movement on this ticket? May I offer my PR?

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:9>

Django

Feb 2, 2023, 3:21:51 AM
to django-...@googlegroups.com
#16180: IGNORED_PARAMS customization
---------------------------------+--------------------------------------
Reporter: Manuel Saelices | Owner: nobody
Type: New feature | Status: closed
Component: contrib.admin | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* status: new => closed
* needs_better_patch: 1 => 0
* has_patch: 1 => 0
* resolution: => wontfix
* stage: Accepted => Unreviewed


Comment:

It's been 12 years since the ticket was opened. As far as I'm aware, this
is rather niche and monkey patching a module constant is an acceptable
approach for the reported issue. It's not worth adding extra hooks.

--
Ticket URL: <https://code.djangoproject.com/ticket/16180#comment:10>
