Avoid executing querysets when getting the string representation of Serializers with related fields

[michelts]

This way, if the serializer is inadvertently converted to a string, the queryset won't be executed. Take the snippet below as an example:

class SampleSerializer(serializers.Serializer):
    user = serializers.PrimaryKeyRelatedField(
        queryset=User.objects.filter(is_active=True)
    )

def sample_view(request):
    serializer = SampleSerializer(data=request.data)
    data = serializer.is_valid(raise_exception=True)
    do_something_with(data)
    return response.Response(data, status=status.HTTP_200_OK)

Django has a default string representation for a queryset: if you try to print it, it will actually query 21 items from the database and print them. It could be potentially harmful if the queryset you are using is not optimized to be listed sequentially and has millions of records.

The discussion #7782 has more details. I didn't convert the discussion to a ticket yet though.

[carltongibson]

Similar to the conclusion on the Django mailing list, I think this is artificially favouring an advanced use-case over the common case. The recommendation is to define __repr__ on your QuerySet if you want this kind of thing. (Let’s discuss on the discussion, but noting my general worry here.)

[michelts]

Closing after the conclusion this is not something to be solved at the django-rest-framework side. More details on discussion #7782.