You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
class MyModel:
id = models.CharField(primary_key=True)
If I POST the following data
{"id" : "1234"}
I get a 201 (correct). If I POST the data again, I get a 201 again (not correct). Tastypie should return a HTTP_CONFLICT 409 since an object with the same PK already exists.
Saving newly created objects in django that have a pk value already assigned (like an id for example) overrides another resource that has the same pk. This way you can use POST to override an existing resource which make it feel like a PUT -> POST conversion. I'm not really sure it's tastypies job to prevent such a behavior, as it seems like django intents this. It should probably be part of a custom authorization to check for the existence of a pk before a new resource is being created.
If I have the following model
If I POST the following data
I get a 201 (correct). If I POST the data again, I get a 201 again (not correct). Tastypie should return a HTTP_CONFLICT 409 since an object with the same PK already exists.
For some reason, it seems POSTs are treated as PUTs via the convert_post_to_put function (https://github.com/toastdriven/django-tastypie/blob/5f9b7b040b02aed0ebd3566151a3bce42d5ef300/tastypie/resources.py#L2087). I cannot understand why this is done since POST and PUT are very different in that PUT is an idempotent request while POST is not.
The text was updated successfully, but these errors were encountered: