Skip to content

default=CurrentUserDefault and read_only=True in DRF 3.4.0 broken if unique_together is being used in a Model for a ModelSerializer #4294

Closed
Closed
default=CurrentUserDefault and read_only=True in DRF 3.4.0 broken if unique_together is being used in a Model for a ModelSerializer#4294
Labels
Bug
Milestone
3.4.1 Release
@rubendura

Description

@rubendura
rubendura
opened on Jul 21, 2016

Checklist

  • I have verified that that issue exists against the master branch of Django REST framework.
  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • This is not a usage question. (Those should be directed to the discussion group instead.)
  • This cannot be dealt with as a third party library. (We prefer new functionality to be in the form of third party libraries where possible.)
  • I have reduced the issue to the simplest possible case.
  • I have included a failing test as a pull request. (If you are unable to do so we can still accept the issue.)

Steps to reproduce

import django
django.setup()
from django.contrib.auth import get_user_model
from django.db import models
from django.conf import settings
from rest_framework import serializers, test


class Item(models.Model):
    user = models.ForeignKey(settings.AUTH_USER_MODEL,
                             on_delete=models.CASCADE)
    item_number = models.IntegerField()

    class Meta:
       unique_together = (('user', 'item_number'),)


class ItemSerializer(serializers.ModelSerializer):
    user = serializers.PrimaryKeyRelatedField(read_only=True,
                                              default=serializers.CurrentUserDefault())
    class Meta:
        model = Item
        fields = ('id', 'item_number', 'user')


User = get_user_model()
user = User.objects.create_user(username='asdf')
request = test.APIRequestFactory().post('/')
request.user = user

item = Item.objects.create(user=user, item_number=3)

data = {'item_number': item.item_number}

context = {'request': request}

serializer = ItemSerializer(data=data, context=context)

assert not serializer.is_valid(), 'Should be False!'

Expected behavior

The serializer should not be valid. This is the case using djangorestframework == 3.3.0

Actual behavior

The serializer is valid. This is the case using djangorestframework == 3.4.0

I've tracked the root of the issue and it seems to be pull request #4192, where a new condition is added to get_unique_together_validators(): "and not field.read_only"

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions