Custom field filters

Development
1

I have created a plugin with a rather complex custom registration form field (see User-friendly presentation of custom registration field data for the background story). Now my colleagues want to filter by some of its properties.

I found that I could easily achieve what they want by setting up a list of filter options via filter_choices and then assemble matching filters in create_sql_filter.

The only problem is that if I try to use that filter, my selection for the filter is ignored and create_sql_filter is never called. The reason for this seems to be that Indico only accepts filters from some specific default fields despite being able to handle custom filters from create_sql_filter. Specifically, in indico/modules/events/lists.py line 148 it only parses filters from a narrow list of fields.

When I extend this to also allow filters from any field that implements create_sql_filter I can achieve exactly what I want:

        for field in self.regform.form_items:
            hasCustomFilter = (hasattr(field, "field_impl") and hasattr(field.field_impl, "create_sql_filter"))
            if field.is_field and (field.input_type in {'single_choice', 'multi_choice', 'country', 'bool', 'checkbox',
                                                       'sessions'} or hasCustomFilter):
                options = request.form.getlist(f'field_{field.id}')

So: Am I missing the official way to get my filter to work or is this a change I should submit as a PR? Am I missing something where my solution could break?

2

My suggestion would be to remove that check for the field list and instead add a allow_filtering attribute to RegistrationFormFieldBase (set it to False there) and then in all the field classes that match the current hardcoded list, set it to True. Then change the code to check for that, instead of the list.

PS: A field class always has create_sql_filter, so the hasattr check would always succeed.

3

A field class always has create_sql_filter , so the hasattr check would always succee

Oops, missed that. But what does this check protect against anyway? The user can only set filters for those fields that define options and it should not be a security issue as fiddling with the request only gets you a non-working filter with the harmless generic create_sql_filter query. So, is allow_filtering even required or should the input_type check just be removed?