Comment 4 for bug 1400366

Mike Fedosin (mfedosin) wrote :

Damn :) I'm really trying to explain it right: the check in pagination is very weak - it looks over all fields in the model, just private ones!

Example: you can request /v2/images/sort_key=_sa_class_manager and it will pass the check and then there will be an exception in SQL after executing the query: ArgumentError: SQL expression object or string expected and Glance will return a 500 code. It shouldn't be.

Also you can request /v2/images/sort_key=properties and it also will pass the check. There will not be an exception and you will get all images sorted by properties list id.

These requests make no sense, they are illogical and we have to process them right.

I don't mind about other keys like min_ram or something but we should deprecate '_sa_class_manager' as a key!
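
An added example, not part of the comment above and not Glance's or SQLAlchemy's code: it contrasts a sort_key check that accepts any attribute found on the model with an allowlist built only from the model's columns. The `Column`, `Relationship` and `Image` classes are constructed stand-ins, and modelling the weak check as a `hasattr` test is an assumption about its shape.

```python
# Added illustration; stand-in classes, not Glance or SQLAlchemy code.

class Column:
    """Stand-in for a mapped scalar column (meaningful to sort by)."""

class Relationship:
    """Stand-in for a mapped relationship to another table."""

class Image:
    """Constructed model using the attribute names from the comment."""
    id = Column()
    name = Column()
    created_at = Column()
    min_ram = Column()
    properties = Relationship()
    _sa_class_manager = object()  # ORM bookkeeping attribute, not data

def weak_check(model, sort_key):
    """Assumed shape of the weak check: any attribute on the model passes."""
    return hasattr(model, sort_key)

def sortable_keys(model):
    """Allowlist derived from the model: public names bound to a Column."""
    return frozenset(
        name for name, value in vars(model).items()
        if isinstance(value, Column) and not name.startswith("_")
    )

class InvalidSortKey(ValueError):
    """Raised before any query is built, so the API layer can reject the
    request as a client error instead of failing inside SQL."""

def validate_sort_key(model, sort_key):
    allowed = sortable_keys(model)
    if sort_key not in allowed:
        raise InvalidSortKey(
            "invalid sort_key %r; allowed: %s"
            % (sort_key, ", ".join(sorted(allowed)))
        )
    return sort_key

if __name__ == "__main__":
    for key in ("created_at", "min_ram", "properties", "_sa_class_manager"):
        try:
            validate_sort_key(Image, key)
            strict = "accepted"
        except InvalidSortKey:
            strict = "rejected"
        print("%-18s weak=%s strict=%s" % (key, weak_check(Image, key), strict))
```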