-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update fields.rst to include a warning about saving related objects. #1344
Conversation
Could you show us the code that's giving you this problem? Or better yet, a test case? I would think that if the ID and resource_uri are included on the data you POST back, Tastypie ought to look up the existing model and merge the data. |
I will try to do a specific test case this week. I am not disputing that Tastypie looks up the existing model, it does. The issue is that if a field is in Meta.excluded then it is assumed to be the default value. Therefore password gets set to an empty string. |
Yeah, that's something we'll want to get fixed. Thanks for the test case! |
…ted in django 1.55+ see http://stackoverflow.com/questions/19966921/lettuce-and-django-1-55-getting-importerror-cannot-import-name-wsgiserverexcep replace with socket.error
… the related resource is a full resource
See pull request for a failing test case which demonstrates when this bug happens. Also added a fix for the socket exceptions. |
Thanks! I'll pull these changes into another PR with a fix for the test failure. |
Thanks Sean, glad to help out. |
I found the problem. fields.py:612 can_update() returns False if PUT isn't an allowed method. The real bug is that the related resource got saved when updating isn't allowed. I'm working on a fix. |
…ll the necessary object permissions checks (authorized_update_detail or authorized_create_detail). can_update() only checks the HTTP methods allowed, which doesn't really make sense for related resources. This fixes a bug (PR django-tastypie#1344) in otherwise updatable related resources which had PUT disabled. The bug caused the related resource to overwrite existing columns in the DB, since missing values were set to default since full hydration hadn't taken place.
…ll the necessary object permissions checks (authorized_update_detail or authorized_create_detail). can_update() only checks the HTTP methods allowed, which doesn't really make sense for related resources. This fixes a bug (PR django-tastypie#1344) in otherwise updatable related resources which had PUT disabled. The bug caused the related resource to overwrite existing columns in the DB, since missing values were set to default since full hydration hadn't taken place. Also includes changes to prevent saving bundles loaded via URI, and to make sure data is only saved inside Resource classes (replaced calls to obj_update() in RelatedField().resource_from_data()).
…ll the necessary object permissions checks (authorized_update_detail or authorized_create_detail). can_update() only checks the HTTP methods allowed, which doesn't really make sense for related resources. This fixes a bug (PR django-tastypie#1344) in otherwise updatable related resources which had PUT disabled. The bug caused the related resource to overwrite existing columns in the DB, since missing values were set to default since full hydration hadn't taken place. Also includes changes to prevent saving bundles loaded via URI, and to make sure data is only saved inside Resource classes (replaced calls to obj_update() in RelatedField().resource_from_data()).
…ll the necessary object permissions checks (authorized_update_detail or authorized_create_detail). can_update() only checks the HTTP methods allowed, which doesn't really make sense for related resources. This fixes a bug (PR #1344) in otherwise updatable related resources which had PUT disabled. The bug caused the related resource to overwrite existing columns in the DB, since missing values were set to default since full hydration hadn't taken place. Also includes changes to prevent saving bundles loaded via URI, and to make sure data is only saved inside Resource classes (replaced calls to obj_update() in RelatedField().resource_from_data()).
No description provided.