Fix fillable and guarded attribute behavior on mass-assignment #830
Conversation
|
@josephmancuso This is ready for review. Sorry, I know it's a big one. |
|
looks nice, so many code got refactored though need to be reviewed and tested for sure |
|
@josephmancuso Think you can review this one soon? Thanks! |
|
Yes my apologies ill get to this. Its on my TODO |
|
I'm also waiting for this fix |
|
Ready for a second pass @josephmancuso |
stoutput
force-pushed
the
fix-fillable-guarded-behavior
branch
from
4138be2 to
6790ec3
Compare
| @@ -0,0 +1,2 @@ | |||
| use asdf | |||
| layout python | |||
| @@ -58,7 +58,7 @@ jobs: | |||
| python orm migrate --connection mysql | |||
| make test | |||
| lint: | |||
| runs-on: ubuntu-latest | |||
| runs-on: ubuntu-20.04 | |||
| name: Lint | |||
There was a problem hiding this comment.
Whats the point of pegging this to a version instead of always testing against the latest ubuntu version?
There was a problem hiding this comment.
If we always use the latest we can catch issues as soon as the latest version is updated on that container. If we always peg to 20.04 we'll know it works on ubuntu 20.04 but never anything newer than that
|
@josephmancuso replied to your comments – let me know if you have any other questions! |
|
Hey @josephmancuso I'm sure you're super busy but it'd be great if we didn't let this one languish, there are a few people waiting on this fix. If you want, I'd be open to taking on a co-maintainer role of the ORM repo while you're busy. |
Previously, the
__fillable__and__guarded__attributes were only partially supported, and only on create.This PR:
__fillable__and__guarded__attributes oncreate,bulk_create, andupdate__guarded__to be[][]means no attributes are guarded against mass assignment, thus allowing any field to be set byupdate/create['*'], by contrast, means that all fields on the model are guarded against mass assignment and cannot be set withupdate/createQueryBuilder.create()since this is a more "direct" method call and would still allow for creation if all the fields are excluded by fillable/guarded. If so let me know and I can remove this behavior__fillable__and__guarded__are defined on the base model. This mirrors Orator's behavior.create/bulk_create/updaterequirements.txtto only install runtime dependencies. Dev dependencies have been moved intorequirements.devand the makefile adjustedblackdue to a bug with one of its dependencies,click(in order to run formatting for this PR)Note: I still can't run tests locally in a fresh environment, which makes contributing well-tested code somewhat difficult. Was getting the error about a missing ORM config file.
Update: I was able to get most tests passing locally by creating a database config file. Its path gets set during testing only.