get() on dynamic relation is inconsistent

Comments (5)

1. 

   Former user Account Deleted

   • attached sqlalchemyrelationgetissue.py

   Demonstrates the issue.

   • 2007-12-06T12:27:44+00:00
2. 

   Mike Bayer repo owner

   • changed milestone to 0.5.0
   • changed component to orm
   • marked as major

   id vote for get() and load() raising an error on any Query if any existing filtering criterion are present. they really were not meant as "generative" methods, even though they can take advantage of options(), with_lockmode(), etc.

   But this could cause some upgrade pain for lots of folks, so its possible that we'd just have to do a warning for now with the hard change in 0.5.

   I don't think too many people are actually "confused" thinking that get() is honoring existing filtered criterion, and also the potential "security" breach is certainly not limited to "dynamic" relations.

   ill bring it up on sqlalchemy-devel.

   • 2007-12-06T13:21:31+00:00
3. 

   Former user Account Deleted

   I managed to be confused by it, but that may just be a personal problem. :-)

   • 2007-12-06T13:46:50+00:00
4. 

   Mike Bayer repo owner

   • changed status to resolved
   • changed milestone to 0.4.xx

   yes, i see what you mean by the cached lookup. Thats the real usage contract here and we have not yet implemented in-python filters so thats not an option here. get()'s main contract is that it won't do any database work if it doesn't have to.

   So Ive changed my mind - get(id) means get that id, so existing criterion should be cleared out. Your test case returns the out-of-band data in all cases now, which is at least consistent. 4580e77da28ee9bf98c109e8f7a81cb569112dcc.

   • 2007-12-06T14:17:58+00:00
5. 

   Mike Bayer repo owner

   • removed milestone

   Removing milestone: 0.4.xx (automated comment)

   • 2014-02-23T18:13:39+00:00
6. Log in to comment