Mirrors/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2026-05-15 22:37:32 -04:00
Code Issues Packages Projects Releases Wiki Activity

allow association proxies to pass the restricted filter

Browse Source
This commit is contained in:
Michael Genson
2026-05-14 19:29:10 +00:00
parent 3e2a60ad14
commit 3e172dccef
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/unit_tests/repository_tests/test_query_filter_builder.py
View File

@@ -117,6 +117,15 @@ def test_restricted_traversal_blocked_when_disallowed():
QueryFilterBuilder.get_model_and_model_attr_from_attr_string("user.email", RecipeModel, allow_restricted=False)
def test_association_proxy_through_restricted_model_allowed():
"""Association proxies (e.g. household_id) traverse through User but are intentional
exposures on the source model and must NOT be blocked even when allow_restricted=False."""
model, attr, _ = QueryFilterBuilder.get_model_and_model_attr_from_attr_string(
"household_id", RecipeModel, allow_restricted=False
)
assert model is User
def test_restricted_traversal_allowed_by_default():
"""Traversing into User via RecipeModel.user should succeed when allow_restricted=True (default)."""
model, attr, _ = QueryFilterBuilder.get_model_and_model_attr_from_attr_string("user.email", RecipeModel)