-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Uniqueness validators should not be run for excluded (read_only) fields #2848
Comments
Presumably if either is read_only, then we shouldn't validate them? (Ie. same as excluding one?) |
This is how django does it: https://github.com/django/django/blob/master/django/forms/models.py#L344 (build exclusion list) Then here: https://github.com/django/django/blob/a10b4c010ab2cdaa6ba8bfaec3e3540299ea77be/django/db/models/base.py#L926 So It looks like you are correct, a uniquetogether check is not done if ANY of the fields are missing |
I can write a PR for this as long as the design is accepted. I just hate writing stuff that won't get approved. |
I'm broadly in favor of this, but I don't think we can make any definite decisions without seeing an example fix and test case. Labeling this as a valid bug to address tho. |
Uniqueness validators should also not be run if required=False. I have a serializer (Room) with required=False set on a nested user serializer, but it fails with a "This field is required" because user is part of a unique_together requirement on the Room model. Is there a workaround for now to exclude this validation on the serializer? For now, I've removed the unique_together requirement, but that's obviously less than ideal. |
This use case is more complex. You want to run the uniqueness constraint when both have a value though not if only one is provided. |
+1. Behaviour today is that they are both blocked as required when uniqueness is defined, even when the fields are read_only=True or required=False. |
|
It comes down to decide which constraint takes precedence? http://stackoverflow.com/questions/5772176/django-unique-together-and-blank-true Checking on the behaviour of Django, it seems like the uniqueness takes precedence, as it is enforced on DB level. What I would at least suggest is to handle the exception more gracefully. Now if you have a field that you put required=False but with uniqueness, you get the message "this field is required". |
It comes down to how to handle the most common use cases and easily allow developers to deal with edge cases. To me, it's very similar to the work done on writable nested serializers. Raising warnings if conflicting constraints are found could be a nice way to make the developers aware that they might be hitting a wall. |
I strongly recommend following Django's behavior. Partially for dev sanity, but mainly so unique_together fields can be autogenerated in the save method of the model. If they are both read_only, then there is no point in validating because there is nothing to be sent from the wire. However, having validating fail, makes it so you cannot autogenerate values, which is very problematic. |
There's no way DRF can be aware of auto generated data at save time. This basically means the API will raise 500 errors because the unique_together constraint may be broken if the dev forgot to set the data. |
Exactly. That's why DRF can't be imposing itself when you declare that you will be managing those fields yourself. If you disagree, give me one scenario where read_only is set on a field, but DRF itself will save that field based on user input. |
get_uniqueness_extra_kwargs and get_unique_together_validators both rely on Django's model unique_together specification. However, if read_only is set for both they should not be expected to be validated as normal. This reflects the behavior of django forms (exclude the field in form and it doesn't validated against this). This allows unique_together fields to be autogenerated in the save method of the model.
The text was updated successfully, but these errors were encountered: