Add test to explain behavior

Ryan P Kilby · Ryan P Kilby · commit 0d9ce7f74ec9 · 2016-11-17T20:20:07.000-05:00
diff --git a/tests/test_filtering.py b/tests/test_filtering.py
@@ -13,6 +13,7 @@
 )
 
 from .testapp.filters import (
+    UserFilter,
     PersonFilter,
     PostFilter,
     BlogPostFilter,
@@ -326,6 +327,28 @@ def test_related_filters_caching(self):
 
         self.assertEqual(len(filters), 1)
 
+    def test_relatedfilter_queryset_required(self):
+        # Use a secure default queryset. Previous behavior was to use the default model
+        # manager's `all()`, however this has the side effect of exposing related data.
+        # The default behavior should not expose information, which requires users to
+        # explicitly set the `queryset` argument.
+        class NoteFilter(FilterSet):
+            title = filters.CharFilter(name='title')
+            author = filters.RelatedFilter(UserFilter, name='author')
+
+            class Meta:
+                model = Note
+                fields = []
+
+        GET = {'author': User.objects.get(username='user2').pk}
+        f = NoteFilter(GET, queryset=Note.objects.all())
+
+        with self.assertRaises(AssertionError) as excinfo:
+            f.qs
+
+        msg = str(excinfo.exception)
+        self.assertEqual("Expected `.get_queryset()` to return a `QuerySet`, but got `None`.", msg)
+
 
 class MiscTests(TestCase):
     def test_multiwidget_incompatibility(self):
