allow search only for valid search fields registered in the view

Oz Bar Shalom 2018-03-07 09:00:10 +02:00 committed by GitHub
parent 80320d015d
commit 4af00465b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -331,10 +331,16 @@ class DjangoObjectPermissionsFilter(BaseFilterBackend):
return params
def filter_queryset(self, request, queryset, view):
valid_fields = getattr(view, 'search_fields', [])
search_terms = self.get_search_terms(request)
if not search_terms:
if not search_terms or not allowed_search_fields:
return queryset
if valid_fields != '__all__':
search_terms = [search_term for search_term in search_terms if
search_term[0] in valid_fields]
orm_lookups = [
self.construct_search(six.text_type(search_term[0]))