New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Serializer fields with required=False should be added to model validation exclusions. #1257
Comments
Okay looks like we should make sure |
yah :D Also, would it be possible, instead of manually define the fields just for the sake of setting required=False, define the non-required fields in a list? |
Yes I think that @variable is right also on the list of required (or not_required) fields |
It would be great to see this issue addressed, as it's somewhat non-obvious behaviour if you follow the documentation! |
Happy to see it tackled. Add a test case, add a fix, submit a pull request, and it oughta sail on right through. |
Sorry, I'm not sure I phrased it correctly — what I meant is I would appreciate this issue getting some attention, as I'm currently working around this problem in my code. I would like to try and figure out how to fix the issue as a pull request, but unfortunately I don't have enough time just now, plus I'm not sure my python level is up to scratch for such a project yet. |
Closed by 9a767c2 |
Thx @carltongibson, rockin! 🌟 |
Unfortunately, this change breaks the unique constraint management. |
Hmmm. Ok. That sounds like a regression. @xordoquy Any chance you can knock up a failing test case for that? |
sure, I'm already working on it ;) |
This bug fix should warrant a new release as it also fixes a rather major security hole. Because partial=True causes all fields to have field.required=False, no model fields are ever validated during a PATCH. |
It seems that having required=False is sufficient when using curl to submit data, but when accessing via the web API interface and then submitting via there, it's still necessary to use get_validation_exclusions() to add the non-required field in. |
This bug is back in the latest version. |
@darrenbates code has changed a lot since. If you have an issue feel free to open a new bug with a failing test case to demonstrate the problem. |
Just for reference: the |
ip = serializers.IPAddressField(protocol='both', required=False, allow_blank=True) Meta: |
I explained the problem in Stackoverflow http://stackoverflow.com/questions/19780731/django-cms-framework-serializer-field-required-false
I propose to make the change to truly respect the required=False parameter in serializer fields.
The text was updated successfully, but these errors were encountered: