Description
All versions of django-smart-selects prior to version 1.2.8 are vulnerable to an XSS attack as detailed in issue 171. As a result, all previous versions have been removed from PyPI to prevent users from installing insecure versions. All users are urged to upgrade as soon as possible.
Checklist

Put an `x` in the bracket when you have completed each task, like this: [x]

- This issue is not about installing previous versions of django-smart-selects older than 1.2.8. I understand that previous versions are insecure and will not receive any support whatsoever.
- I have verified that the issue exists against the `master` branch of django-smart-selects.
- I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
- I have debugged the issue to the `smart_selects` app.
- I have reduced the issue to the simplest possible case.
- I have included all relevant sections of `models.py`, `forms.py`, and `views.py` with problems.
- I have used GitHub Flavored Markdown to style all of my posted code.
I tried finding a duplicate issue but I was surprised that I did not find one so it may be a possible duplicate.
Steps to reproduce
- Create a class that needs a OneToOneField and to be chained.
Actual behavior
The FruitDestination class has the function: "All fruit of this type in this plantation should be sent to this destination"
```python
from django.db import models
from smart_selects.db_fields import ChainedForeignKey


class Plantation(models.Model):
    name = models.CharField(max_length=255)


class Plant(models.Model):
    plantation = models.ForeignKey(Plantation, related_name='plant', on_delete=models.CASCADE)


class Fruit(models.Model):
    plant = models.ForeignKey(Plant, related_name='fruit', on_delete=models.CASCADE)


class FruitDestination(models.Model):
    plantation = models.ForeignKey(Plantation, related_name='fruit_criteria', on_delete=models.CASCADE)
    destination = models.CharField(max_length=255)
    # unique=True only adds a DB constraint; the reverse accessor is still a manager
    fruit = ChainedForeignKey(
        Fruit,
        chained_field='plantation',
        chained_model_field='plant__plantation',
        show_all=False,
        auto_choose=True,
        sort=False,
        unique=True,
        related_name='fruit_destination',
        on_delete=models.CASCADE,
    )
```

In `python manage.py shell`:

```pycon
>>> from fruit.models import Fruit
>>> Fruit.objects.all().first().fruit_destination.all().first()
<FruitDestination: FruitDestination object>
```
Expected behavior
```python
from django.db import models
from smart_selects.db_fields import ChainedOneToOneField  # the field this issue requests


class Plantation(models.Model):
    name = models.CharField(max_length=255)


class Plant(models.Model):
    plantation = models.ForeignKey(Plantation, related_name='plant', on_delete=models.CASCADE)


class Fruit(models.Model):
    plant = models.ForeignKey(Plant, related_name='fruit', on_delete=models.CASCADE)


class FruitDestination(models.Model):
    plantation = models.ForeignKey(Plantation, related_name='fruit_criteria', on_delete=models.CASCADE)
    destination = models.CharField(max_length=255)
    # a one-to-one field gives a direct reverse accessor instead of a manager
    fruit = ChainedOneToOneField(
        Fruit,
        chained_field='plantation',
        chained_model_field='plant__plantation',
        show_all=False,
        auto_choose=True,
        sort=False,
        related_name='fruit_destination',
        on_delete=models.CASCADE,
    )
```

```pycon
>>> from fruit.models import Fruit
>>> Fruit.objects.all().first().fruit_destination
<FruitDestination: FruitDestination object>
```