Skip to content

[Fix] Resolve 500 FieldError in DeviceLocationView #1110 #1153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nemesifier merged 3 commits into from
Jan 15, 2026
Merged

[Fix] Resolve 500 FieldError in DeviceLocationView #1110 #1153

nemesifier merged 3 commits into from
Jan 15, 2026

Conversation

@stktyagi
Copy link
Member

@stktyagi stktyagi commented Oct 24, 2025
edited
Loading

Adding organization_lookup = 'organization__in' to the view forces it to use the correct organization field and prevents the crash.

Fixes #1110

Checklist

  • I have read the OpenWISP Contributing Guidelines.
  • I have manually tested the changes proposed in this pull request.
  • I have written new test cases for new code and/or updated existing tests for changes to existing code.
  • I have updated the documentation.

Reference to Existing Issue

Closes #1110

Description of Changes

The permission mixin was incorrectly using the child's organization path (content_object__organization) to filter the parent Device including organization_lookup = 'organization__in' to the view fixes it.

@stktyagi
[Fix] Resolve 500 FieldError on DeviceLocationView #1110
41d899c 
Adding organization_lookup = 'organization__in' to the view forces it to use the correct organization field and prevents the crash.

Fixes #1110
@coveralls
Copy link

coveralls commented Oct 24, 2025
edited
Loading

Coverage Status

coverage: 98.641%. remained the same
when pulling 058b80b on issues/1110-crash-without-superuser-permission
into 1ee8c25 on master.

nemesifier
nemesifier requested changes Oct 25, 2025
View reviewed changes
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a test which replicates the bug and fails without the patch, otherwise another contributor may inadvertently break this again in the future.

stktyagi and others added 2 commits October 26, 2025 14:46
@stktyagi
[Test] Test for DeviceLocationView 500 error Fixes #1110
70c1c7b 
This test confirms the API correctly returns a 404 Not Found instead of crashing with a 500 FieldError.

Fixes #1110
@stktyagi
Merge branch 'master' into issues/1110-crash-without-superuser-permis…
058b80b 
…sion
@coderabbitai
Copy link

coderabbitai bot commented Jan 15, 2026
edited
Loading

📝 Walkthrough

Walkthrough

This pull request addresses a crash occurring when non-superuser accounts access the device location API endpoint. The fix adds an organization_lookup = "organization__in" attribute to the DeviceLocationView class, which explicitly defines the organization filtering path for permission checks. A corresponding test verifies that users from a different organization receive a proper 404 response instead of a server error.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Description check ✅ Passed The PR description follows the template structure, includes the issue reference (#1110), describes changes clearly, and confirms testing and code review checklist completion.
Linked Issues check ✅ Passed The code changes directly address issue #1110 objectives: adding organization_lookup prevents the FieldError crash by using correct organization field, and new test verifies proper 404 response instead of 500 error.
Out of Scope Changes check ✅ Passed All changes are directly scoped to fixing issue #1110: the organization_lookup attribute targets the root cause, and the test reproduces the exact failure scenario described.
Title check ✅ Passed The title accurately describes the main fix: resolving a 500 FieldError in DeviceLocationView, which is the primary change demonstrated by both the code modification and test addition.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

nemesifier
nemesifier approved these changes Jan 15, 2026
View reviewed changes
Copy link
Member

@nemesifier nemesifier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @stktyagi 👍

@nemesifier nemesifier changed the title [Fix] Resolve 500 FieldError on DeviceLocationView #1110 [Fix] Resolve 500 FieldError in DeviceLocationView #1110 Jan 15, 2026
@nemesifier nemesifier merged commit 6697a3a into master Jan 15, 2026
19 checks passed
@nemesifier nemesifier deleted the issues/1110-crash-without-superuser-permission branch January 15, 2026 21:52
@coderabbitai coderabbitai bot mentioned this pull request Jan 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nemesifier nemesifier nemesifier approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[bug] Crash when accessing "api/v1/controller/device/[device UUID]/location/" without Superuser permssions

4 participants

@stktyagi @coveralls @nemesifier