[Django] #35108: Have SingleObjectMixin.get_object handle ValidationError/ValueError
Django
-----------------------------------------+------------------------
Reporter: Alex Tomkins | Owner: nobody
Type: Uncategorized | Status: new
Component: Generic views | Version: 5.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
Vaguely related ticket from 10 years ago(!) - #22303
Currently `get_object` in the Django admin handles
ValidationError/ValueError
https://github.com/django/django/blob/6e520d953773d25a3d3484db67feed446aca0bc1/django/contrib/admin/options.py#L896.
This is needed as the URL patterns for the Django admin are fairly relaxed
to handle objects where the ID/PK isn't an integer. However in the
scenario where a model does have a PK as an integer - this try/except
quietly turns invalid URLs (eg. a string into an integer field) into a
404.
I think the immediate thought for most people would be along the lines of:
fix your URLs to restrict/validate inputs.
However, if you've got a Django app that provides views/URLs for editing
users, you have to make the URL patterns fairly relaxed to allow for
multiple scenarios - one where a project stays with PK being an integer,
and the other where a project has PK being a string. An example of this is
Wagtail:
{{{
/admin/users/ wagtail.users.views.users.Index wagtailusers_users:index
/admin/users/<str:pk>/ wagtail.users.views.users.Edit
wagtailusers_users:edit
/admin/users/<str:pk>/delete/ wagtail.users.views.users.Delete
wagtailusers_users:delete
}}}
Unless you wrap every view with a try/except in get_object, it's fairly
easy to generate 500 errors (just visit /admin/users/hello/).
Should `get_object` handle these?
Should the functions in `django.shortcuts` also handle these?
--
Ticket URL: <https://code.djangoproject.com/ticket/35108>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Alex Tomkins | Owner: nobody
Component: Generic views | Version: 5.0
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: new => closed
* type: Uncategorized => New feature
* resolution: => wontfix
Comment:
> Should `get_object` handle these?
I don't think so, I've used class-based views in many projects and I've
never needed it. This is not something that you will need unless you use
some kind of models generalization. If you really need it, you can also
implement your own mixin that will overwrite `get_object()`.
> Should the functions in `django.shortcuts` also handle these?
This idea has already been rejected (as you noticed).
--
Ticket URL: <https://code.djangoproject.com/ticket/35108#comment:1>