-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MultipleChoiceField empties incorrectly on a partial update using multipart/form-data #2894
Comments
The fix looks like this code in
instead of just blindly returning I will submit this as a PR (with test) if the issue is accepted. |
Yup that sounds like the right trade-off to me too. We should note this in the documentation for |
Alternative - don't display the PATCH button with the HTML form, and instead only display it for raw JSON input. See also #2883 |
Not displaying the I didn't run into this via the HTML form UI at all; on our project we have a |
I noticed this bug has "Milestone 2.4.6 Release" on it. I don't think this particular bug applies to the 2.4 series, since (if I'm not mistaken) |
@carljm any objection I'll work on the PR today to get this fixed before the next release which I'm planning any time soon ? |
@xordoquy Of course! Thanks for creating the PR. |
MultipleChoiceField empties incorrectly on a partial update using multipart/form-data (#2894)
Closed as #2894 has been merged. |
I noticed the same behavior with ListSerializer. Looking at the code the fix you introduced for ListField is not present in the ListSerializer implementation. Is there a good reason for this that I don't see ? Should I open a new bug ? |
Are ListSerializer supposed to work with forms ? |
:\ Probably not. |
My take on this, |
The root of this issue is that using
multipart/form-data
with aPATCH
(partial=True
on the serializer) there's no way to distinguish between "I am not including data for this MCF" vs "please empty this MCF", because they both look the same (zero occurrences of that key in the data).The current implementation of
MultipleChoiceField
in DRF always assumes the latter, which is the more dangerous choice, since it leads to data loss. The cause of this is thatMultipleChoiceField.get_value()
callsQueryDict.getlist
if the data is aQueryDict
, andQueryDict.getlist()
returns[]
if the key does not occur in theQueryDict
at all.I think that for safety it would be better if
MultipleChoiceField
returnedempty
in case of no key found, rather than returning[]
. It could do this only if the root serializer haspartial=True
, so that in case ofPUT
emptying the field still works correctly.The implication would be that there would be no way to empty a
MultipleChoiceField
viaPATCH
when usingmultipart/form-data
, but I think that's better than always emptying aMultipleChoiceField
when the intention was to not include it in thePATCH
.The text was updated successfully, but these errors were encountered: