date:20150724

Re: [Django] #25142: Refactor access mixins to allow customisation

2015-07-24 Thread Django

#25142: Refactor access mixins to allow customisation
--+
 Reporter:  dfunckt   |Owner:  dfunckt
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  1
  Needs tests:  1 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+

Comment (by MarkusH):

 Yes, pleas document the `has_permission` method.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.f02393c53447677cdc96151f480febf6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24525: AssertionError at `Query.change_aliases`

2015-07-24 Thread Django

#24525: AssertionError at `Query.change_aliases`
-+-
 Reporter:  coolRR   |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Database layer   |  Version:  1.7
  (models, ORM)  |
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by kevmitch):

 * cc: kevmitch (added)


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.01ea4ae9fcdc506def0482d4800cf469%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24525: AssertionError at `Query.change_aliases`

2015-07-24 Thread Django

#24525: AssertionError at `Query.change_aliases`
-+-
 Reporter:  coolRR   |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Database layer   |  Version:  1.7
  (models, ORM)  |
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by kevmitch):

 * status:  closed => new
 * resolution:  needsinfo =>


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.15f09a46436002ab7d44a25802b42a36%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24525: AssertionError at `Query.change_aliases`

2015-07-24 Thread Django

#24525: AssertionError at `Query.change_aliases`
-+-
 Reporter:  coolRR   |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  Database layer   |  Version:  1.7
  (models, ORM)  |
 Severity:  Normal   |   Resolution:  needsinfo
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by kevmitch):

 In Django 1.8, with the models

 {{{
 #!python
 from django.db import models

 class Year(models.Model):
 date = models.DateField(auto_now_add=True)

 class Student(models.Model):
 year= models.ForeignKey('Year')
 number  = models.PositiveIntegerField()
 courses = models.ManyToManyField('Course')

 class Course(models.Model):
 year   = models.ForeignKey('Year')
 department = models.CharField(max_length=4)
 number = models.PositiveIntegerField()
 }}}

 the following

 {{{
 #!python
 course_instance.student_set.all() &
 year_instance.student_set.exclude(courses__in=[other_course_instance])
 }}}

 will raise
 {{{
 Traceback (most recent call last):
   File
 "/home/kevmitch/projects/apprentice/and_assertion_error/enrollment/tests.py",
 line 24, in test_and
 result = math101.student_set.all() &
 year.student_set.exclude(courses__in=[anth100])
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/query.py", line 211, in __and__
 combined.query.combine(other.query, sql.AND)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/sql/query.py", line 556, in combine
 w.relabel_aliases(change_map)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/sql/where.py", line 285, in
 relabel_aliases
 child.relabel_aliases(change_map)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/sql/where.py", line 287, in
 relabel_aliases
 self.children[pos] = child.relabeled_clone(change_map)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/lookups.py", line 185, in relabeled_clone
 new.rhs = new.rhs.relabeled_clone(relabels)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/sql/query.py", line 329, in
 relabeled_clone
 clone.change_aliases(change_map)
   File
 "/home/kevmitch/projects/apprentice/apprentice/env/local/lib/python2.7
 /site-packages/django/db/models/sql/query.py", line 787, in change_aliases
 assert set(change_map.keys()).intersection(set(change_map.values()))
 == set()
 AssertionError
 }}}

 The tests of attached project demonstrates it in action.

 Essential elements for reproduction:

 * One of the querysets generated from related manager of the ManyToMany
 target
 * The other queryset is generated by exclude()ing on the ManyToManyField
 from the related manager of a "versioning" ForeignKey model

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.80bde147d893142c071366766a4e6b73%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24525: AssertionError at `Query.change_aliases`

2015-07-24 Thread Django

#24525: AssertionError at `Query.change_aliases`
-+-
 Reporter:  coolRR   |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  Database layer   |  Version:  1.7
  (models, ORM)  |
 Severity:  Normal   |   Resolution:  needsinfo
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by kevmitch):

 * Attachment "and_assertion_error.zip" added.

 minimal example project exhibiting the error

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.2a357a021d7b99173ede76f04e97f0eb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #17215: runtests doesn't clean up all temp files all the time

2015-07-24 Thread Django

#17215: runtests doesn't clean up all temp files all the time
---+
 Reporter:  kmtracey   |Owner:  nobody
 Type:  Bug|   Status:  closed
Component:  Testing framework  |  Version:
 Severity:  Normal |   Resolution:  fixed
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by aaugustin):

 I should have closed this bug with
 934400759de817471ff37d736686201d7ae34e82.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/066.267d15b1190c2db7373fe37e58190f2a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25161: Don't encourage new users to install the development version in the quick install

2015-07-24 Thread Django

#25161: Don't encourage new users to install the development version in the 
quick
install
--+
 Reporter:  alasdairnicol |Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  closed
Component:  Documentation |  Version:  master
 Severity:  Normal|   Resolution:  fixed
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by Tim Graham ):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"600fb7c51b22bc0d9138f580bb5e5abcfedc76ee" 600fb7c5]:
 {{{
 #!CommitTicketReference repository=""
 revision="600fb7c51b22bc0d9138f580bb5e5abcfedc76ee"
 Fixed #25161 -- Encouraged users to install the latest release in docs
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.6bc390c22bb06bce141f0092df562dfd%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25161: Don't encourage new users to install the development version in the quick install

2015-07-24 Thread Django

#25161: Don't encourage new users to install the development version in the 
quick
install
--+
 Reporter:  alasdairnicol |Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  closed
Component:  Documentation |  Version:  master
 Severity:  Normal|   Resolution:  fixed
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+

Comment (by Tim Graham ):

 In [changeset:"82418a5d6df25f6714e9da5922e2d8187e687a6f" 82418a5]:
 {{{
 #!CommitTicketReference repository=""
 revision="82418a5d6df25f6714e9da5922e2d8187e687a6f"
 [1.8.x] Fixed #25161 -- Encouraged users to install the latest release in
 docs

 Backport of 600fb7c51b22bc0d9138f580bb5e5abcfedc76ee from master
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.95e28ffcfd9cdd1f2ff87bee244be6db%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #22258: Show progress during dumpdata

2015-07-24 Thread Django

#22258: Show progress during dumpdata
-+-
 Reporter:  Gwildor  |Owner:  mrfuxi
 Type:  New feature  |   Status:  closed
Component:  Core (Management |  Version:  master
  commands)  |
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Ready for
 |  checkin
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Claude Paroz ):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"c296e55dc6a697c7e4d4be92b954633cda4a79b1" c296e55]:
 {{{
 #!CommitTicketReference repository=""
 revision="c296e55dc6a697c7e4d4be92b954633cda4a79b1"
 Fixed #22258 -- Added progress status for dumpdata when outputting to file

 Thanks Gwildor Sok for the report and Tim Graham for the review.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.5fae80e4cc0751b584946904accc42f7%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25142: Refactor access mixins to allow customisation

2015-07-24 Thread Django

#25142: Refactor access mixins to allow customisation
--+
 Reporter:  dfunckt   |Owner:  dfunckt
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  1
  Needs tests:  1 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+

Comment (by dfunckt):

 The point is to allow extensibility, indeed -- my comment was more about
 asking for a decision to be made, placing a couple counter arguments along
 the way. Hadn't see that AccessMixin was already documented, so I think
 that also documenting has_permission is the way to go. I will update the
 PR later.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.ffe590695909acd4f00e00cbcf39ec92%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25142: Refactor access mixins to allow customisation

2015-07-24 Thread Django

#25142: Refactor access mixins to allow customisation
--+
 Reporter:  dfunckt   |Owner:  dfunckt
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  1
  Needs tests:  1 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+

Comment (by timgraham):

 `AccessMixin`
 
[https://github.com/django/django/blob/03aec35a12ea522ab9a60d6229b53e3ec3a871a3/docs/topics/auth/default.txt#L721-L753
 is documented]. I thought the point of this change was to improve
 extensibility or was it just meant as an internal cleanup?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.f9a1a1241f3b3274aa5bc2d768b87ec5%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25169: Document "stacking" of login_required and permission_required (was: permission_required decorator should only redirect to 403 if user is logged in)

2015-07-24 Thread Django

#25169: Document "stacking" of login_required and permission_required
--+
 Reporter:  aithusa   |Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  new
Component:  Documentation |  Version:  1.8
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by timgraham):

 * component:  Uncategorized => Documentation
 * type:  Uncategorized => Cleanup/optimization
 * stage:  Unreviewed => Accepted


Comment:

 Sure, care to offer a patch?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.30417389cb245127e84d6672a8e770f9%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #19427: Lacking Documentation on Custom Related Fields Pre-Save Override

2015-07-24 Thread Django

#19427: Lacking Documentation on Custom Related Fields Pre-Save Override
--+
 Reporter:  s.shanabrook@…|Owner:
 Type:  Cleanup/optimization  |   Status:  closed
Component:  Documentation |  Version:  1.4
 Severity:  Normal|   Resolution:  wontfix
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by timgraham):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 Not sure what to do here as `attname` isn't referenced in the linked doc
 (maybe it's since been removed). This seems in the realm of private API
 anyway.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/080.5d7374420c38000b72ab14541f8f0175%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25142: Refactor access mixins to allow customisation

2015-07-24 Thread Django

#25142: Refactor access mixins to allow customisation
--+
 Reporter:  dfunckt   |Owner:  dfunckt
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  1
  Needs tests:  1 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+

Comment (by dfunckt):

 Hi Tim, if by "document" you mean "public API" then it depends on whether
 these mixins are intended to be extended. There's no reason one would call
 the method unless wanting to customise the mixin somehow and
 `UserPassesTestMixin` isn't enough. Apart from checking for object
 permissions, I can't think of other reasons to extend though, and that
 includes my experience with the respective function decorators -- access
 customisation is usually done with auth backends.

 Regarding tests, the only meaningful test for these changes I guess would
 be to test that `has_permission` raises an exception if not provided.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.7bc8e7ba8c0c55207ccd9f5fe0762ffc%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25161: Don't encourage new users to install the development version in the quick install

2015-07-24 Thread Django

#25161: Don't encourage new users to install the development version in the
quick
install
--+
Reporter: alasdairnicol |Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: master
Severity: Normal| Resolution:
Keywords:| Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 |UI/UX: 0
--+

Comment (by alasdairnicol):

I've made a pull request https://github.com/django/django/pull/5040

I'm not sure I've got the wording quite right. I will be away for a couple
of weeks, so might not be able to respond to the ticket or update it.

Carl, I understand your point that running code against master is useful,
so I left that option in. On the other hand, you want a good experience
for new users. It's hard to get the balance right, hopefully the patch is
a step in the right direction.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/071.302656dd207eb18c787f9766cd12a6a4%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25136: Add an example with Count('X', distinct=True) to the queries topic guide (was: Multiple annotations result in wrong results with MySQL backend)

2015-07-24 Thread Django

#25136: Add an example with Count('X', distinct=True) to the queries topic guide
--+
 Reporter:  mdomans   |Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  new
Component:  Documentation |  Version:  1.8
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+
Changes (by timgraham):

 * component:  Database layer (models, ORM) => Documentation
 * stage:  Unreviewed => Accepted
 * type:  Bug => Cleanup/optimization
 * easy:  0 => 1


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.5144cd872fbdb27b22ddcbbc20d9ddbb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25169: permission_required decorator should only redirect to 403 if user is logged in

2015-07-24 Thread Django

#25169: permission_required decorator should only redirect to 403 if user is 
logged
in
---+--
 Reporter:  aithusa|Owner:  nobody
 Type:  Uncategorized  |   Status:  new
Component:  Uncategorized  |  Version:  1.8
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+--

Comment (by aithusa):

 That's what I did eventually after some googling. If this is not possible
 to add/fix, would it be possible to putting this on the documentation as I
 expect quite a few people would like to have such behaviour. Cheers.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.656d900c8c757b38e6389eb179a11646%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25034: Convert caches ImproperlyConfigured error to a system check (was: Remove attempts to access settings at import time)

2015-07-24 Thread Django

#25034: Convert caches ImproperlyConfigured error to a system check
--+
 Reporter:  evansd|Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  new
Component:  Core (System checks)  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by timgraham):

 * needs_better_patch:  1 => 0
 * has_patch:  1 => 0
 * component:  Core (Other) => Core (System checks)


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.8390d7ab6696ba331018a6d9e34544b1%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25136: Multiple annotations result in wrong results with MySQL backend

2015-07-24 Thread Django

#25136: Multiple annotations result in wrong results with MySQL backend
-+-
 Reporter:  mdomans  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Database layer   |  Version:  1.8
  (models, ORM)  |
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by mdomans):

 Yes, it does though it's rather unobvious.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.22fab0d11b791e7f52a6f6e81e2f28cb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #20705: Allow customizing the email field name for PasswordResetForm

2015-07-24 Thread Django

#20705: Allow customizing the email field name for PasswordResetForm
--+
 Reporter:  Cloudream |Owner:  nobody
 Type:  New feature   |   Status:  new
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by timgraham):

 * Attachment "20705-initial.diff" added.


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.d5e1c82e49e2df57810993568a594c77%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #20705: Allow customizing the email field name for PasswordResetForm

2015-07-24 Thread Django

#20705: Allow customizing the email field name for PasswordResetForm
--+
 Reporter:  Cloudream |Owner:  nobody
 Type:  New feature   |   Status:  new
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+

Comment (by timgraham):

 No, I think it's still an issue. I'll attach a patch with a sketch of the
 code changes.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.73ef940f14fe00db98363f581b09b7a3%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24623: AttributeError when trying to send an utf-8 encoded email with text attachments (mime type: text/*)

2015-07-24 Thread Django

#24623: AttributeError when trying to send an utf-8 encoded email with text
attachments (mime type: text/*)
-+-
 Reporter:  tkrapp   |Owner:  kswiat
 Type:  Bug  |   Status:  assigned
Component:  Core (Mail)  |  Version:  1.7
 Severity:  Normal   |   Resolution:
 Keywords:  email python3| Triage Stage:  Accepted
  SafeMIMEText MIMEText attach_file  |
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by kswiat):

 * needs_better_patch:  1 => 0


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.449502b4498ca4f2ecf823b6fa48538b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25142: Refactor access mixins to allow customisation

2015-07-24 Thread Django

#25142: Refactor access mixins to allow customisation
--+
 Reporter:  dfunckt   |Owner:  dfunckt
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  1
  Needs tests:  1 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+
Changes (by timgraham):

 * needs_docs:  0 => 1


Comment:

 I'm not sure that we need tests, but should we document the
 `has_permission()` method?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.375262a9a276d285579811bb047db22b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #16068: Ease access to request headers

2015-07-24 Thread Django

#16068: Ease access to request headers
---+-
 Reporter:  jgorset|Owner:  jgorset
 Type:  New feature|   Status:  closed
Component:  HTTP handling  |  Version:  1.3
 Severity:  Normal |   Resolution:  duplicate
 Keywords:  headers| Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+-
Changes (by timgraham):

 * status:  assigned => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #20147 which has more discussion.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.faf1bde8fb7ecf0b9643ef4fe769a884%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #20147: Provide an alternative to request.META for accessing HTTP headers

2015-07-24 Thread Django

#20147: Provide an alternative to request.META for accessing HTTP headers
---+
 Reporter:  lukeplant  |Owner:  nobody
 Type:  New feature|   Status:  new
Component:  HTTP handling  |  Version:  1.5
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by timgraham):

 See #16068 for a duplicate.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.b4bc38fbd7afe79734ed71a64fb565a8%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25037: Add request.user to the debug view (was: Addition to functions http.requests.build_request_repr)

2015-07-24 Thread Django

#25037: Add request.user to the debug view
-+
 Reporter:  djbaldey |Owner:  nobody
 Type:  New feature  |   Status:  new
Component:  Error reporting  |  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  1|  Patch needs improvement:  1
Easy pickings:  1|UI/UX:  0
-+
Changes (by timgraham):

 * component:  HTTP handling => Error reporting
 * easy:  0 => 1


Comment:

 It seems the new alternative would be to add it to
 `views.debug.TECHNICAL_500_TEMPLATE` and `TECHNICAL_500_TEXT_TEMPLATE`
 under "Request information".

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/066.0c50afa5ed715608b8b4a883588292b6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #21793: Require specific versions of test suite's Python dependencies?

2015-07-24 Thread Django

#21793: Require specific versions of test suite's Python dependencies?
-+-
 Reporter:  JustinTArthur|Owner:  nobody
 Type:   |   Status:  closed
  Cleanup/optimization   |
Component:  Testing framework|  Version:  master
 Severity:  Normal   |   Resolution:  wontfix
 Keywords:  testing,test | Triage Stage:  Accepted
  suite,continuous   |
  integration,ci,dependencies,pip,pypi|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by timgraham):

 * status:  new => closed
 * resolution:   => wontfix


Comment:

 18 months later, the status quo seems okay to me. When there are new
 versions of dependencies that don't work with older versions of Django, we
 add specific version requirements at that time.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.27aa4a077ef382612ada9ef6c5849d31%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24607: dumpdata (with natural keys) / loaddata failure for model inheriting from User

2015-07-24 Thread Django

#24607: dumpdata (with natural keys) / loaddata failure for model inheriting 
from
User
--+
 Reporter:  denys-duchier |Owner:  nobody
 Type:  Bug   |   Status:  new
Component:  Core (Serialization)  |  Version:  1.8
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  1
Easy pickings:  0 |UI/UX:  0
--+
Changes (by timgraham):

 * needs_better_patch:  0 => 1


Comment:

 Waiting for a response from the reporter on the pull request, but it seems
 to me the issue is that `use_natural_primary_keys` is not compatible with
 serializing multi-table inheritance models since the child models require
 the primary key to be linked to their parent. I'm not sure that adding a
 lot of complexity to essential "undo" the option for the affected models
 is worth it. Could we simply document the limitation?

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/071.9dfdeb6ff1d344b8fb20e09cc12378bb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #17215: runtests doesn't clean up all temp files all the time

2015-07-24 Thread Django

#17215: runtests doesn't clean up all temp files all the time
---+
 Reporter:  kmtracey   |Owner:  nobody
 Type:  Bug|   Status:  closed
Component:  Testing framework  |  Version:
 Severity:  Normal |   Resolution:  fixed
 Keywords: | Triage Stage:  Accepted
Has patch:  0  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by timgraham):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 `/tmp` on the CI servers has stayed clean for some time.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/066.c0d5816bad053bd91415df1fb0c1a03d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #13664: Enable admin permission checks from outside the ModelAdmin (was: Enable admin permission checks from outside the ModelAdmin [PATCH])

2015-07-24 Thread Django

#13664: Enable admin permission checks from outside the ModelAdmin
-+
 Reporter:  sebastian_noack  |Owner:  nobody
 Type:  New feature  |   Status:  new
Component:  contrib.admin|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  1
  Needs tests:  1|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+
Changes (by timgraham):

 * version:  1.2 => master


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/073.2cdc93bd2555384694ab0048fb3b2600%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #16193: Use qunit to test javascript in django source

2015-07-24 Thread Django

#16193: Use qunit to test javascript in django source
-+-
 Reporter:  mbraak@… |Owner:  slurms
 Type:  New feature  |   Status:  closed
Component:  Testing framework|  Version:  master
 Severity:  Normal   |   Resolution:  fixed
 Keywords:  testing javascript   | Triage Stage:  Accepted
  qunit  |
Has patch:  1|  Needs documentation:  1
  Needs tests:  0|  Patch needs improvement:  1
Easy pickings:  0|UI/UX:  0
-+-
Changes (by timgraham):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In 2d0dead224b6448072b72b37d2fbcc8dc3afa007:

 DEP 0003 -- Added JavaScript unit tests.

 Setup QUnit, added tests, and measured test coverage.

 Thanks to Nick Sanford for the initial tests.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/079.41a37a9c32f208bccd60ba4f7d5913d8%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25162: Internationalization of static JS

2015-07-24 Thread Django

#25162: Internationalization of static JS
-+-
 Reporter:  RignonNoel   |Owner:  nobody
 Type:  Uncategorized|   Status:  closed
Component:   |  Version:  1.8
  Internationalization   |
 Severity:  Normal   |   Resolution:  invalid
 Keywords:   | Triage Stage:
 |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by RignonNoel):

 No, it is me who thank you.  You do a very good work ;)

 Sorry for the bad ticket, thanks again !

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.4d50a038c9bcc8488b9c66b706409ea2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #15220: replace SelectFilter2.js with a jQuery plugin

2015-07-24 Thread Django

#15220: replace SelectFilter2.js with a jQuery plugin
-+-
 Reporter:  slurms   |Owner:  dbunskoek
 Type:   |   Status:  new
  Cleanup/optimization   |
Component:  contrib.admin|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  1|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  1
Easy pickings:  0|UI/UX:  1
-+-

Comment (by timgraham):

 [https://github.com/django/django/pull/4701 PR 4701] is the latest effort
 on this if someone is interested in updating it.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.a67501e4c136a6e3bbdcee2067770b43%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25030: The /admin/login/ should observe external authentication even when it appears in POST

2015-07-24 Thread Django

Comment (by carljm):

It looks to me like this could also be addressed by using a custom
AdminSite, overriding the login method, and doing a non-method-specific
check for if the user is authenticated in the wrapper.

I don't think the method check should be removed from the default
implementation. An incoming POST should be treated as a login attempt, not
redirected if the user is already authenticated.

The current implementation handles the by far most common case correctly
out of the box, and makes it possible to meet unusual requirements with a
bit of custom code. That's the most that can be asked of a framework.

I think this ticket should be closed with no changes to Django.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.c43a7f11e9416c667a344ae040decd92%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25030: The /admin/login/ should observe external authentication even when it appears in POST

2015-07-24 Thread Django

#25030: The /admin/login/ should observe external authentication even when it
appears in POST
--+
 Reporter:  adelton   |Owner:  nobody
 Type:  New feature   |   Status:  new
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  1 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  1
Easy pickings:  0 |UI/UX:  0
--+

Comment (by carljm):

 Sorry, ignore the comment about login via GET and login CSRF; I was
 misunderstanding the nature of the GET bs POST issue.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.2fe014f2c36728cea70dcbe2839983b5%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25030: The /admin/login/ should observe external authentication even when it appears in POST

2015-07-24 Thread Django

Comment (by carljm):

This use case seems highly specialized to me; we should make it possible,
but it doesn't need to work out of the box and certainly doesn't provide
any justification for wide-ranging changes in the design of contrib.auth.

Allowing login via GET request seems like a recipe for login CSRF attacks,
so I don't think the admin should generally be modified to allow that.

Can you just configure Apache to redirect after it intercepts a login?
That seems like the most straightforward approach here.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.79e73901e99c14299d41b84b4126f23a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25171: Can't update queryset after Count annotation

2015-07-24 Thread Django

#25171: Can't update queryset after Count annotation
-+-
 Reporter:  fraserharris |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Database layer   |  Version:  1.6
  (models, ORM)  |
 Severity:  Normal   |   Resolution:
 Keywords:  queryset, update,| Triage Stage:  Accepted
  annotate, count|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by zauddelig):

 This would be legit

 {{{
 categories = Category.objects.annotate(Count('tiles'))
 #  some code
 categories.update(name='foo')
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/070.6ec2e9dac2bec2416022e4bfe498139a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead 
of
redirecting to login
--+
 Reporter:  adelton   |Owner:
 Type:  Cleanup/optimization  |   Status:  new
Component:  contrib.admin |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+

Comment (by kswiat):

 Hiding urls might be tricky, e.g. `i18n_patterns` could be used to reveal
 url existance.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.7f88c4036c5d6cc1c65119357451b88c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25171: Can't update queryset after Count annotation

2015-07-24 Thread Django

#25171: Can't update queryset after Count annotation
-+-
 Reporter:  fraserharris |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  Database layer   |  Version:  1.6
  (models, ORM)  |
 Severity:  Normal   |   Resolution:
 Keywords:  queryset, update,| Triage Stage:  Accepted
  annotate, count|
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by carljm):

 Replying to [comment:4 shaib]:
 > For the query given in the report:
 > {{{
 > Category.objects.annotate(Count('tiles')).update(name='foo')
 > }}}
 > I would like to see a warning (if not an error) because the annotation
 is "dead code" and probably a bug.

 Sure, but unless that falls out naturally in an implementation that
 supports the useful cases, I think it's firmly in nice-to-have territory.
 An implementation that let this pass silently wouldn't bother or surprise
 me at all.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/070.6113a4fbb1da5dae2de4ab62c7309053%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead 
of
redirecting to login
--+
 Reporter:  adelton   |Owner:
 Type:  Cleanup/optimization  |   Status:  new
Component:  contrib.admin |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+

Comment (by carljm):

 (Fwiw I don't believe that I have ever included a public admin link in any
 Django project I've worked on. Usually I put the admin at a less
 predictable irk, and give that url directly to the few people who need to
 use it.)

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.5981c0d2e784985a46149b2c7930dc8a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead 
of
redirecting to login
--+
 Reporter:  adelton   |Owner:
 Type:  Cleanup/optimization  |   Status:  new
Component:  contrib.admin |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by kswiat):

 * status:  assigned => new
 * owner:  kswiat =>


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.86482b4f201680fc7563033d65c721b1%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead
of
redirecting to login
--+
Reporter: adelton |Owner:
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Severity: Normal| Resolution:
Keywords:| Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 |UI/UX: 0
--+

Comment (by carljm):

Yes, the 404 idea would require more work, and would have some negative
consequences.

I hope that the redirect to login in the admin is already unconditional
for any url under admin/ and doesn't currently reveal information about
the available admin urls. Need to check that.

I think the best resolution for this bug is probably some ux hint on the
admin login screen for a user who is already authenticated, as mentioned
in the ticket description. I may be missing something, but I don't see how
that would be a problem or reveal anything that shouldn't be revealed.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.ac2356431491f790b5a717f5dcd8549c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25164: The django.contrib.auth.views.login does not observe authentication via RemoteUserMiddleware

2015-07-24 Thread Django

Comment (by carljm):

I don't believe this ticket describes a bug at all. The current login view
is simple and predictable, works for a variety of common use cases as-is,
and can easily be wrapped to provide alternative behavior. The problem
described in the ticket description can easily be addressed by such
wrapping or by UX clues on the login page. I don't see any proposal here
to change Django to improve this particular scenario without harming
others. So I think this ticket should be closed.

It's not accurate to say that the login view doesn't work out of the box
with RemoteUserMiddleware. They work fine together. The login view has the
behavior that it allows an authenticated user to view the login page and
log in again if they choose. That's unrelated to RemoteUserMiddleware, and
it's a reasonable default choice which the project author can easily
change if they like.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.3ec027845b3a2ad1ab8e2e71d58e1ab6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25164: The django.contrib.auth.views.login does not observe authentication via RemoteUserMiddleware

2015-07-24 Thread Django

#25164: The django.contrib.auth.views.login does not observe authentication via
RemoteUserMiddleware
--+--
 Reporter:  adelton   |Owner:  nobody
 Type:  Bug   |   Status:  new
Component:  contrib.auth  |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Unreviewed
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+--

Comment (by timgraham):

 I think one point is that we don't want to prevent a logged in user from
 being able to login again (without first logging out) as your patch does.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.f8a3a48ceb31dca8e2edaaa4988a456b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead
of
redirecting to login
--+
Reporter: adelton |Owner: kswiat
Type: Cleanup/optimization | Status: assigned
Component: contrib.admin | Version: master
Severity: Normal| Resolution:
Keywords:| Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 |UI/UX: 0
--+

Comment (by timgraham):

The point about authenticated users seeing less than anonymous users seems
to be a good one. It seems raising 404 instead of redirecting wouldn't
really give any security improvement unless we also raised 404s on all
admin pages (except login) for anonymous users. That could be fairly
inconvenient for users who have their session timeout and try to access
one of the admin pages with a deeper URL. They'd have to navigate back the
login page manually instead of being redirected to login with a "next"
query string parameter.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.8afb94aad56a8ae283f4b69ddb61%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

Comment (by adelton):

Replying to [comment:4 timgraham]:
> I would expect a user to reach such a page only by typing in a URL
manually, ...

I'm not sure I agree here. The `/admin` link is really no secret and
projects are likely to have it shown all over the places, in the form of
"and by the way, if you think you are the admin, here's the link, don't
worry, we will ask for your credentials if you are currently not logged
in". And if the user is not currently logged in, that's exactly what
happens.

The problem starts when the user is logged in, just not as staff.

Yes, you can say that in that case the link to `/admin` shouldn't be
displayed at all but we have no way to enforce that in code that people
write, and besides, why should authenticated user see less than anonymous?

Or is the general recommendation to never place link to `/admin` anywhere?

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.5080a743ab70e5280e77ecdb3cda70f0%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25164: The django.contrib.auth.views.login does not observe authentication via RemoteUserMiddleware

2015-07-24 Thread Django

Comment (by adelton):

If you say `django.contrib.auth.views` is not supposed to work out of box
with `RemoteUserMiddleware`, I'll certainly respect that.

However, similar to our discussion in
https://code.djangoproject.com/ticket/25029, if we actually want to make
`RemoteUserMiddleware` / `PersistentRemoteUserMiddleware` more useful and
more used, it'd be nice if `django.contrib.auth.views.login` it could
handle any `django.contrib.auth.middleware` that the admin setting up the
project decides to configure. The purpose of middlewares as I understand
it is to be easily pluggable from admin's point of view -- just add them
to `MIDDLEWARE_CLASSES` list and be done with it.

Yes, the admin certainly can write their own login view. But shouldn't we
strive to make the out-of-box experience as easy as possible, making
various bits work reasonably for various setups that are shipped with
Django. Of course, situation is different with third-party software but
`RemoteUserMiddleware` has been in the project since 2009.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.e8bb0c13e2453562c6780ecef2d7161b%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #25163: When a user doesn't have permission to an admin page, raise 404 instead of redirecting to login

2015-07-24 Thread Django

#25163: When a user doesn't have permission to an admin page, raise 404 instead 
of
redirecting to login
--+
 Reporter:  adelton   |Owner:  kswiat
 Type:  Cleanup/optimization  |   Status:  assigned
Component:  contrib.admin |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by kswiat):

 * owner:  nobody => kswiat
 * status:  new => assigned


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.f5fa552b250b2985a6a5bb40f49a4a1d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

48 matches

Mail list logo