אורי
u...@speedy.net
On Fri, Oct 7, 2022 at 10:01 AM Carlton Gibson <carlton.gib...@gmail.com>
wrote:
> > ... the duplication I was referring to is having both Forms and
> Serializers do validation.
>
> That's a separate issue.
>
> Can we merge various aspects of DRF into Django, so that it better handles
> building JSON APIs? Yes, clearly. One step of that is better content type
> handling, another is serializers. (There are others).
> On the serializer front, it would be a question of making django.forms
> better able to handle list-like (possibly do-able with FormSet) and nested
> data, and so on.
> Not a small project, but with things like django-readers, and
> Pydantic (and django-ninja), and attrs/cattrs showing new ideas,
> re-thinking about serialization in Django is about due.
>
> But the issue is here:
>
> > ... I also don't relish the thought of needing to use a Form or
> Serializer every time I alter a Model's data.
>
> I'm like literally, "¿Qué? 😳" - Every single time you get data from an
> untrusted source you simply **must** validate it before use. ("Filter
> input, escape output", I was drilled.) That applies exactly the same to a
> CSV file as it does to HTTP request data. (That your CSV is malformed is
> axiomatic no? :)
>
> If you want to enforce validation, with a single call, write a method (on
> a manager likely) that encapsulates your update logic (and runs the
> validation before save). Then always use that in your code. (That's long
> been a recommended pattern
> <https://www.dabapps.com/blog/django-models-and-encapsulation/>.) But
> don't skip the validation layer on your incoming data.
>
> I would be -1 to `validate` kwarg to `save()` — that's every user ever
> wondering *should I use it? *every time. (Same for a setting.)
> Rather — is this a docs issue? — we should re-emphasise the importance of
> the validation layer.
> Then if folks want a convenience API to do both tasks, they're free to
> write that for their models. (This is what Uri has done for Speedy Net.
> It's not a bad pattern.)
>
Thank you! 🍑
You might want to include such a solution in the docs, in case Django users
want to validate models.
My solution is taken from https://gist.github.com/glarrain/5448253
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/CABD5YeH%2B-9SeTqLvLZHjDZSRg_xPBcyLyggwi8LGtR2orNmHGA%40mail.gmail.com.
