Re: Model-level validation

2022-10-07 Thread James Bennett
On Fri, Oct 7, 2022 at 6:21 PM Aaron Smith wrote: > Mariusz - fair enough, I will consider my point made and apologies if it > came off too strong. FWIW it's not just my opinion, it's shared by every > developer (dozens) I've had this conversation with up until now. It's a > stark contrast that m

Re: Model-level validation

2022-10-07 Thread Aaron Smith
Mariusz - fair enough, I will consider my point made and apologies if it came off too strong. FWIW it's not just my opinion, it's shared by every developer (dozens) I've had this conversation with up until now. It's a stark contrast that makes me wonder how aware the core developers / old timer

Re: Why using django.contrib.sessions as the salt to encode session data? why not secret key?

2022-10-07 Thread Avantika gohane
hey avantika this side On Mon, Oct 3, 2022, 5:21 PM Lokesh Sanapalli wrote: > Hi, > > I was going through the code and got a question. I saw that we are using > hard-coded string `django.contrib.sessions` as the key salt to encode > session data >

Re: Model-level validation

2022-10-07 Thread Mariusz Felisiak
> I am aware there are patterns to work around this in Django. My position is that skipping validation should be the rare edge case and not the easy naive path. Unless Django's stated purpose is to be a cute toy for making blogs, and robust infrastructure is off-label, but that's not what I see

Re: Model-level validation

2022-10-07 Thread Aaron Smith
Yes, every time you get data from an untrusted source you must validate it. As well as *every time you change model attributes, ever*. There seems to be a widespread frame of mind in Django that validation is something you only need to do with data from untrusted sources. As someone who ha

Re: Model-level validation

2022-10-07 Thread 'Barry Johnson' via Django developers (Contributions to Django itself)
I agree with James in several ways. Our large Django application does rather extensive validation of data -- but I would argue strongly against embedding that validation in the base instance.save() logic. (I would not argue against Django including a "ValidatingModel", derived from Model, tha

Re: Model-level validation

2022-10-07 Thread אורי
אורי u...@speedy.net On Fri, Oct 7, 2022 at 10:01 AM Carlton Gibson wrote: > > ... the duplication I was referring to is having both Forms and > Serializers do validation. > > That's a separate issue. > > Can we merge various aspects of DRF into Django, so that it better handles > building JSON

Re: Model-level validation

2022-10-07 Thread Carlton Gibson
> ... the duplication I was referring to is having both Forms and Serializers do validation. That's a separate issue. Can we merge various aspects of DRF into Django, so that it better handles building JSON APIs? Yes, clearly. One step of that is better content type handling, another is serialize