Serializer fields with required=False should be added to model validation exclusions.

[variable]

I explained the problem in Stackoverflow http://stackoverflow.com/questions/19780731/django-cms-framework-serializer-field-required-false

I propose to make the change to truly respect the required=False parameter in serializer fields.

[tomchristie]

Okay looks like we should make sure get_validation_exclusions automatically adds those fields in the same way that kevin stone recommends.

[variable]

yah :D

Also, would it be possible, instead of manually define the fields just for the sake of setting required=False, define the non-required fields in a list?

[StErMi]

Yes I think that @variable is right also on the list of required (or not_required) fields

[kot-behemoth]

It would be great to see this issue addressed, as it's somewhat non-obvious behaviour if you follow the documentation!

[tomchristie]

Happy to see it tackled. Add a test case, add a fix, submit a pull request, and it oughta sail on right through.

[kot-behemoth]

Sorry, I'm not sure I phrased it correctly — what I meant is I would appreciate this issue getting some attention, as I'm currently working around this problem in my code.

I would like to try and figure out how to fix the issue as a pull request, but unfortunately I don't have enough time just now, plus I'm not sure my python level is up to scratch for such a project yet.

[carltongibson]

Closed by 9a767c2

[tomchristie]

Thx @carltongibson, rockin! 🌟

[xordoquy]

Unfortunately, this change breaks the unique constraint management.
I now have IntegrityError instead of a nice message.

[carltongibson]

Hmmm. Ok. That sounds like a regression. @xordoquy Any chance you can knock up a failing test case for that?

[xordoquy]

sure, I'm already working on it ;)

[alanwj]

This bug fix should warrant a new release as it also fixes a rather major security hole.

Because partial=True causes all fields to have field.required=False, no model fields are ever validated during a PATCH.

[procmail]

It seems that having required=False is sufficient when using curl to submit data, but when accessing via the web API interface and then submitting via there, it's still necessary to use get_validation_exclusions() to add the non-required field in.

[darrenbates]

This bug is back in the latest version.

[xordoquy]

@darrenbates code has changed a lot since. If you have an issue feel free to open a new bug with a failing test case to demonstrate the problem.

[yellowcap]

Just for reference: the required and allow_blank argument seems to have no effect on ModelSerializer fields, if unique_together constraints are set on the corresponding model, see #4456

[g-rd]

ip = serializers.IPAddressField(protocol='both', required=False, allow_blank=True)
also set on model and I get:
"ip": [
"This field may not be null."
],
Any ideas ?

Meta:
djangorestframework==3.7.7