search

jazzband / django-smart-selects

chained and grouped selects for django forms
https://django-smart-selects.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
1.11k stars 348 forks source link

More options to filter the chained field #243

Closed fuatu closed 6 years ago

fuatu commented 6 years ago

This is a feature request:

Actual behavior

For chained fields it displays all the lines from database.

Expected behavior

For chained fields it will be very nice to be able to filter further. For example I am getting a list of debts for a user. So when the user is selected I can select relevant debts in the select dropdown. However when the debt is paid I have a field paid = True. So I want to display only records where it is relevant to selected user and paid = False.

blag commented 6 years ago

If you need more complex filtering, etc., I would recommend the django-autocomplete-light package.

This is meant to be a "quick and dirty" app to get you up and running, but more complex functionality (including more security!) is possible in DAL.

I'm also a little bit worried that you are exposing sensitive user information via this app's AJAX endpoints. Be aware that the AJAX endpoints do not enforce any permissions, and allow anybody in the world to query models with a chained field.

Closing.