Why can invalid models be saved?

[Claus Conrad]

Hi,

sorry for the newbie question!

In the admin I cannot create a user without a username, but on the shell it is possible:

>>> from django.contrib.auth.models import User

>>> u = User()

>>> u.save()

>>> u.id

2

I am trying to understand why this is possible. Does this mean model constraints in general are not enforced when instances are created and saved? Thus I will always have to validate my models before saving them, unless I set null=True on a field, in which case I'd expect to get an exception?

Thanks,

Claus

[Bill Freeman]

Most validation is in the processing of HTML forms, to help the site user (or admin) avoid errors.  Checking on the way to the database is much more limited, and is usually limited to the ability to coerce the field to the correct type.  Since django works with many databases, there is very little common ground for specifying that the database itself check, maybe just not null.

A programmer, using the models directly (that's the presumption if you're typing python statements) is expected to know what he's doing.

Bill

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4b097bd9-cc8b-4511-8efa-2fb4537b702f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Russell Keith-Magee]

It's possible to create an object like this because the object you constructed is legal according to the model definition. 

>>> u = User()

>>> print u.username

u''

>>> print u.first_name

u''

>>> print u.last_name

u''

>>> print u.is_staff

False

etc.

So - when you save the user, you're saving a completely legal user object - with an empty username, first/last name, and default values for is_staff, etc. If you try to create a *second* object the same way, you'll get an error, because that would be a user with a duplicated username.

The admin does an additional set of checks. This is one area where there's a leaky abstraction -- the "blank=True" definition on a model field is actually form logic, not model logic. It isn't a data validation condition. Admin uses this blank=True definition to determine if certain values should be prohibited. 

The reason for this is historical. Django's model validation framework came quite late in the peace (around Django 1.2). For backwards compatibility reasons, there are problems introducing model level validation on existing models. The forms framework on the other hand, including blank=True,  has been there since the beginning. 

Yours,

Russ Magee %-)