I noticed a problem in AppSettingAPI.set(): When attempting to update an existing setting, the non-existence of an app plugin in the AppSetting model is not explicitly included in the query:
q_kwargs = {'name': setting_name, 'project': project, 'user': user}
if not plugin_name == 'projectroles':
q_kwargs['app_plugin__name'] = plugin_name
setting = AppSetting.objects.get(**q_kwargs)
This means that if there is a similarly named setting to projectroles in another app (which is of course allowed), we risk either updating the wrong object or raising an exception if multiple objects are found with the same get() query.
I noticed a problem in
AppSettingAPI.set()
: When attempting to update an existing setting, the non-existence of an app plugin in theAppSetting
model is not explicitly included in the query:This means that if there is a similarly named setting to projectroles in another app (which is of course allowed), we risk either updating the wrong object or raising an exception if multiple objects are found with the same
get()
query.I will fix this while doing #1450.