Open georgemillard opened 7 years ago
Suggestion: Test Driven development to identify any areas in the Model that need further validation.
Sounds like a good idea. Keep in mind that while the API has been built to allow POST requests, it is currently only expected to serve GET requests for the foreseeable future. This gives us time to get the validation in place to ensure that POST requests to the API won't break the models.
I'd also suggest to turn POST request off in production, especially while authorisations aren't fully in place. Helps with security if there is no POST endpoint at all.
Authorisations are in place so they can't currently be used, but we could discuss turning them off for now as a precaution.
Agreed to turn off POST requests for now.
Validation needs to be added at the level of the REST Api to ensure that POSTS do not break the model.
Some validation is currently implemented within the Models.
More advanced validation is implemented with the ModelForms.