David - All of your points are accurate. A usable ORM will probably never be perfectly safe, and none of the Django workarounds are particularly difficult. But requiring extra steps to get the save level of data safety as other ORMs will, just by nature of human nature and scale, make Django a riskier choice as well as increase the cost and risk of maintaining it. I think that unnecessary risk damages Django's long-term viability as a project and a technology choice for an organization.
On Saturday, October 1, 2022 at 6:50:56 PM UTC-7 shang.xia...@gmail.com wrote: > I'm not really interested in debating whether the ORM validates or not but > I thought it might be worth pointing out a few things that haven't been > touched on yet: > > > It's not right. > > Design decisions are often neither outright right nor wrong but more > tradeoffs of varying values. > > > > The data store layer should protect the validity of the data. > > I disagree that the ORM is the data store layer - that's the database. I > never put any guarantees in ORM validation because there's always a myriad > of ways to get around it. > > If you want guarantees I suggest you look into setting up constraints, > they're quite easy with Django nowadays. Some examples aside from the usual > unique constraint: > > - Validation of choices? Setup a check constraint to check the value > exists in the TextChoices `values` attribute. > - Validation of non-overlapping date ranges? Use range types with > exclusion constraints. > - Only 1 column from a set of columns should be set? Use a check > constraint with an xor not null test. > - There are plenty more of these :) > > Only the database can protect the data. > > -- > David > > On Fri, 30 Sept 2022 at 10:12, Aaron Smith <aa...@aaronsmith.co> wrote: > >> Why doesn't Django validate Models on save()? >> >> I am aware that full_clean() is called when using ModelForms. But most >> web app development these days, and every django app I've ever worked with, >> are headless APIs. The default behavior is dangerous for the naive >> developer. >> >> Bringing View-level concepts such as forms or serializers down into >> celery tasks and management commands breaks separation of concerns, and >> having multiple validation implementations at different layers in the app >> is fraught with divergence and unexpected behavior. >> >> It's not right. The data store layer should protect the validity of the >> data. >> >> -- >> > You received this message because you are subscribed to the Google Groups >> "Django developers (Contributions to Django itself)" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> email to django-develop...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-developers/37ec0c58-2561-4300-9ead-05160410c389n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/django-developers/37ec0c58-2561-4300-9ead-05160410c389n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/7ad09662-2fca-47c2-a1cf-e552856be204n%40googlegroups.com.
