Opened 5 years ago

Closed 5 years ago

#31200 closed Cleanup/optimization (fixed)

Add system check for the length of auth permissions codenames.

Reported by: Michael Mulholland Owned by: Michael Mulholland
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I stumbled across this while performing some migrations on models with rather... descriptive names (my original model was dynamically created).

Anyway, it looks like in cases where a model name is just under the 100 character limit, and contrib.auth is used, the codenames generated for the default permissions (ie. add_*, change_*, delete_*, view_*) can exceed the maximum 100 characters on the Permission model.

As an example, the model below having a 98 character name allows migrations to be generated, but upon running the migration, a database error is raised when it tries to create permissions with codenames above 100 characters.

The model:

class SomeExcessivelyDescriptiveModelWithAnAbsolutelyRidiculousNameThatCouldntEverNeedToBeNearlyThisLong(models.Model):
    field1 = models.CharField(max_length=25)

The error:

django.db.utils.DataError: value too long for type character varying(100)

While I'm aware that you can override the default permissions by setting Meta.default_permissions on the model (this is how I fixed my app), and that the majority of people would never need model names this long, I figured it might be worth adding validation for this case since it uses contrib.auth's default behaviour. Also, the error message originally came up while using a flush command, which seemed counterintuitive.

Change History (2)

comment:1 by Mariusz Felisiak, 5 years ago

Has patch: set
Owner: changed from nobody to Michael Mulholland
Status: newassigned
Summary: Default permissions creation raises a DataError on excessively long model namesAdd system check for the length of auth permissions codenames.
Triage Stage: UnreviewedAccepted
Type: BugCleanup/optimization
Version: 2.2master

comment:2 by Mariusz Felisiak <felisiak.mariusz@…>, 5 years ago

Resolution: fixed
Status: assignedclosed

In 5a68a223:

Fixed #31200 -- Added system checks for permissions codenames max length.

Note: See TracTickets for help on using tickets.
Back to Top