Django模型字段验证

Question

Where should the validation of model fields go in django?

I could name at least two possible choices: in the overloaded .save() method of the model or in the .to_python() method of the models.Field subclass (obviously for that to work you must write custom fields).

Possible use cases:

• when it is absolutely neccessary to ensure, that an empty string doesn't get written into the database (blank=False keyword argument doesn't work here, it is for form validation only)
• when it is neccessary to ensure, that "choices" keyword argument gets respected on a db-level and not only in admin interface (kind of emulating a enum datatype)

There is also a class-level attribute empty_strings_allowed in the models.Field base class definition and derived classes happily override it, however it doesn't seem to produce any effect on the database level, meaning I can still construct a model with empty-string fields and save it to the database. Which I want to avoid (yes, it is neccessary).

Possible implementations are

on the field level:

class CustomField(models.CharField):
    __metaclass__ = models.SubfieldBase
    def to_python(self, value):
        if not value:
            raise IntegrityError(_('Empty string not allowed'))
        return models.CharField.to_python(self, value)

on the model level:

class MyModel(models.Model)
    FIELD1_CHOICES = ['foo', 'bar', 'baz']
    field1 = models.CharField(max_length=255, 
               choices=[(item,item) for item in FIELD1_CHOICES])

    def save(self, force_insert=False, force_update=False):
        if self.field1 not in MyModel.FIELD1_CHOICES:
            raise IntegrityError(_('Invalid value of field1'))
        # this can, of course, be made more generic
        models.Model.save(self, force_insert, force_update)

Perhaps, I am missing something and this can be done easier (and cleaner)?

Answer 1

Django has a model validation system in place since version 1.2.

In comments sebpiq says "Ok, now there is a place to put model validation ... except that it is run only when using a ModelForm! So the question remains, when it is necessary to ensure that validation is respected at the db-level, what should you do? Where to call full_clean?"

It's not possible via Python-level validation to ensure that validation is respected on the db level. The closest is probably to call full_clean in an overridden save method. This isn't done by default, because it means everybody who calls that save method had now better be prepared to catch and handle ValidationError .

But even if you do this, someone can still update model instances in bulk using queryset.update() , which will bypass this validation. There is no way Django could implement a reasonably-efficient queryset.update() that could still perform Python-level validation on every updated object.

The only way to really guarantee db-level integrity is through db-level constraints; any validation you do through the ORM requires the writer of app code to be aware of when validation is enforced (and handle validation failures).

This is why model validation is by default only enforced in ModelForm - because in a ModelForm there is already an obvious way to handle a ValidationError .

Answer 2

I think you want this ->

from django.db.models.signals import pre_save

def validate_model(sender, **kwargs):
    if 'raw' in kwargs and not kwargs['raw']:
        kwargs['instance'].full_clean()

pre_save.connect(validate_model, dispatch_uid='validate_models')

(Copied from http://djangosnippets.org/snippets/2319/ )

Answer 3

The root issue for this, is that the validation should happen on models. This has been discussed for quite some time in django (search form model aware validation on the dev mailing list). It leads to either duplication or things escaping validation before hitting the db.

While that doesn't hit trunk, Malcolm's "poor man's model validation solution" is probably the cleanest solution to avoid repeating yourself.

Answer 4

如果我“清楚地”理解你 - 你必须覆盖函数get_db_prep_save而不是to_python