-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Schema validation of mandatory fields on a blueprint with a HTTP PATCH method containing only modified fields #628
Comments
I figured it out, if i replace the decorator with this: @_bp.arguments(AccountGroupModelSchema(partial=True)) the validate method ignores missing fields! |
Whilst partial=True does permit PATCH to work with validation, it creates another problem within apispec causing errors like this to appear:
I assume this is because apispec considers the partial Schema to be different to the non-partial one. |
It is fine. Just craft a custom name resolver to provide a different name for partial schemas. def resolver(schema):
# This is the default name resolver from apispec
schema_cls = resolve_schema_cls(schema)
name = schema_cls.__name__
if name.endswith("Schema"):
name = name[:-6] or name
# Except it appends Partial to partial schemas.
if isinstance(schema, ma.Schema) and schema.partial:
name = f"{name}Partial"
return name
class Api(flask_smorest.Api):
"""Api class"""
def __init__(self, app=None, *, spec_kwargs=None):
spec_kwargs = spec_kwargs or {}
spec_kwargs["marshmallow_plugin"] = MarshmallowPlugin(
schema_name_resolver=resolver
)
super().__init__(app=app, spec_kwargs=spec_kwargs) |
Shouldn't flask-smorest "just work" for the (very common) RESTful use of PATCH whereby only modified attributes are submitted? I don't really understand the above code enough to know quite how it works, but would (in my example above) I also need a AccountGroupModelSchemaPartial schema, thus doubling the number of schemas I have ?? |
I didn't test that code but I think it should work with the I'm not sure patch is so commonly used. I've been investigating about it a while back and doing it this way doesn't allow to remove a field, for instance, hence the use of complicated things like json-patch. In my APIs, I don't provide PATCH, just PUT. The client GETs an item, modifies it, then PUTs. But there's no point arguing about whether or not it is common. I'd be happy if it could be supported out-of-the-box even if it uncommon, except in this case it seems kind of complicated to do and requires assumptions about how the PATCH is performed that I don't want to make. I think the solution proposed above is the way to go. Admittedly, it could be documented better. |
I have a simple CRUD class (based on
flask.views.MethodView
).The Schema class is based on
marshmallow_sqlalchemy.SQLAlchemyAutoSchema
.When submitting a HTTP PATCH, the JSON payload contains only those fields being modified, e.g.
{ "name": "new_name" }
. This means the Schema validation fails, because mandatory fields are not present.Is there anyway to handle validating the fields that are present AND rejecting any fields that are unknown but NOT failing validation for missing (as not being modified) fields in a PATCH? Or do I just have to take the JSON directly, update the entity, then validate prior to updated in the ORM?
The text was updated successfully, but these errors were encountered: