PyPI - django-ninja-aio-crud - Versions diffs - 2.18.1__py3-none-any.whl → 2.18.2__py3-none-any.whl - Mend

django-ninja-aio-crud 2.18.1py3-none-any.whl → 2.18.2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of django-ninja-aio-crud might be problematic. Click here for more details.

Files changed (6) hide show

{django_ninja_aio_crud-2.18.1.dist-info → django_ninja_aio_crud-2.18.2.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-ninja-aio-crud
-Version: 2.18.1
+Version: 2.18.2
 Summary: Django Ninja AIO CRUD - Rest Framework
 Author: Giuseppe Casillo
 Requires-Python: >=3.10, <3.15

{django_ninja_aio_crud-2.18.1.dist-info → django_ninja_aio_crud-2.18.2.dist-info}/RECORD RENAMED Viewed

@@ -1,4 +1,4 @@
-ninja_aio/__init__.py,sha256=0d83rifGl3AtqjPqmhu8uQRV_EBq6JoUIWpkaU_OSaQ,120
+ninja_aio/__init__.py,sha256=GG9VIprfl_xsxe8mkdQQOZKg-SjYn-uPExDck4VTOSg,120
 ninja_aio/api.py,sha256=tuC7vdvn7s1GkCnSFy9Kn1zv0glZfYptRQVvo8ZRtGQ,2429
 ninja_aio/auth.py,sha256=f4yk45fLi36Qctu0A0zgHTFedb9yk3ewq5rOMpoPYIE,9035
 ninja_aio/exceptions.py,sha256=w8QWmVlg88iJvBrNODSDBHSsy8nNpwngaCGWRnkXoPo,3899
@@ -15,7 +15,7 @@ ninja_aio/helpers/api.py,sha256=va_HvZVBFm1KxwQhH4u09U4F1JS5JrQuRpRmPTHJt7w,2132
 ninja_aio/helpers/query.py,sha256=Lqv4nrWYr543tC5K-SEcBottLID8cb83aDc26i2Wxj4,5053
 ninja_aio/models/__init__.py,sha256=L3UQnQAlKoI3F7jinadL-Nn55hkPvnSRPYW0JtnbWFo,114
 ninja_aio/models/serializers.py,sha256=pRRa0ci8ObhmJoQkzreDxV0JA6elG0Tyj8mJutRDqpo,64021
-ninja_aio/models/utils.py,sha256=iZ2pmtREtTC9G1isJbHTME-PzgI_BW7r6RBxvnlQJBw,39940
+ninja_aio/models/utils.py,sha256=uIjQz6-89H7Myires79_v9xSMU5A6JVBBmMzlDLZwp4,37261
 ninja_aio/schemas/__init__.py,sha256=dHILiYBKMb51lDcyQdiXRw_0nzqM7Lu81UX2hv7kEfo,837
 ninja_aio/schemas/api.py,sha256=dGUpJXR1iAf93QNR4kYj1uqIkTjiMfXultCotY6GtaQ,361
 ninja_aio/schemas/filters.py,sha256=VxzH2xSWok8cUSkyfeqtrGhRewtFVmNHQfHNvY8Aynw,2662
@@ -24,7 +24,7 @@ ninja_aio/schemas/helpers.py,sha256=CpubwNXsZHtu8jddliyQybF1epwZ-GO60vHIuF5AR1Y,
 ninja_aio/views/__init__.py,sha256=DEzjWA6y3WF0V10nNF8eEurLNEodgxKzyFd09AqVp3s,148
 ninja_aio/views/api.py,sha256=Sj4yIVLVQEVKxwFzVbT6YhiSCxXtcvdlTtWhJfccOus,26191
 ninja_aio/views/mixins.py,sha256=rE4otyuenx6bfOLmnvMiSn10Kh7p0newU0-HarWDWS4,17779
-django_ninja_aio_crud-2.18.1.dist-info/licenses/LICENSE,sha256=yrDAYcm0gRp_Qyzo3GQa4BjYjWRkAhGC8QRva__RYq0,1073
-django_ninja_aio_crud-2.18.1.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
-django_ninja_aio_crud-2.18.1.dist-info/METADATA,sha256=vMfBlBuF8vq6dNp2ciGcjLSjMM5Gx0I7pqNM2dtGs7I,13404
-django_ninja_aio_crud-2.18.1.dist-info/RECORD,,
+django_ninja_aio_crud-2.18.2.dist-info/licenses/LICENSE,sha256=yrDAYcm0gRp_Qyzo3GQa4BjYjWRkAhGC8QRva__RYq0,1073
+django_ninja_aio_crud-2.18.2.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
+django_ninja_aio_crud-2.18.2.dist-info/METADATA,sha256=uRj6qJ8HaV6vM5nhqSTs6FYwd1Bex_gfCosWXtlJDbw,13404
+django_ninja_aio_crud-2.18.2.dist-info/RECORD,,

ninja_aio/__init__.py CHANGED Viewed

@@ -1,6 +1,6 @@
 """Django Ninja AIO CRUD - Rest Framework"""
-__version__ = "2.18.1"
+__version__ = "2.18.2"
 from .api import NinjaAIO

ninja_aio/models/utils.py CHANGED Viewed

@@ -195,46 +195,6 @@ class ModelUtil:
         """
         return [field.name for field in self.model._meta.get_fields()]
-    def get_valid_input_fields(
-        self, is_serializer: bool, serializer: "ModelSerializer | None" = None
-    ) -> set[str]:
-        """
-        Get allowlist of valid field names for input validation.
-        Security: Prevents field injection by returning only fields that should
-        be accepted from user input.
-        Parameters
-        ----------
-        is_serializer : bool
-            Whether using a ModelSerializer
-        serializer : ModelSerializer, optional
-            Serializer instance if applicable
-        Returns
-        -------
-        set[str]
-            Set of valid field names that can be accepted in input payloads
-        """
-        valid_fields = set(self.model_fields)
-        # If using a serializer, also include custom fields
-        if is_serializer and serializer:
-            # Get all custom fields defined in the serializer
-            try:
-                # Custom fields are those that are not model fields but are defined
-                # in the serializer configuration
-                for schema_type in ['create', 'update', 'read', 'detail']:
-                    try:
-                        schema_fields = serializer.get_fields(schema_type)
-                        if schema_fields:
-                            valid_fields.update(schema_fields)
-                    except (AttributeError, TypeError):
-                        continue
-            except (AttributeError, TypeError):
-                pass
-        return valid_fields
     @property
     def model_name(self) -> str:
@@ -743,43 +703,6 @@ class ModelUtil:
         obj = await self.get_object(request, query_data=query_data, is_for=is_for)
         return await self._bump_object_from_schema(obj, obj_schema)
-    def _validate_input_fields(
-        self, payload: dict, is_serializer: bool, serializer
-    ) -> None:
-        """
-        Validate non-custom payload keys against model fields.
-        Parameters
-        ----------
-        payload : dict
-            Input payload to validate.
-        is_serializer : bool
-            Whether using a ModelSerializer.
-        serializer : ModelSerializer | Serializer
-            Serializer instance if applicable.
-        Raises
-        ------
-        SerializeError
-            If invalid field names are found in payload.
-        """
-        invalid_fields = []
-        for key in payload.keys():
-            # Skip custom fields - they're validated by Pydantic schema
-            if is_serializer and serializer.is_custom(key):
-                continue
-            # Validate non-custom fields exist on the model
-            if key not in self.model_fields:
-                invalid_fields.append(key)
-        if invalid_fields:
-            raise SerializeError(
-                {
-                    "detail": f"Invalid field names in payload: {', '.join(sorted(invalid_fields))}",
-                    "invalid_fields": sorted(invalid_fields),
-                },
-                400,
-            )
     def _collect_custom_and_optional_fields(
         self, payload: dict, is_serializer: bool, serializer
@@ -888,7 +811,7 @@ class ModelUtil:
         Steps
         -----
-        - Validate fields against allowlist (security).
+        - Validate fields against schema (including aliases and custom fields).
         - Strip custom fields (retain separately).
         - Drop optional fields with None (ModelSerializer only).
         - Decode BinaryField base64 values.
@@ -917,8 +840,8 @@ class ModelUtil:
         )
         serializer = self.serializer if self.with_serializer else self.model
-        # Security: Validate non-custom payload keys against model fields
-        self._validate_input_fields(payload, is_serializer, serializer)
+        # Note: Field validation is handled by Pydantic during schema deserialization
+        # No additional validation needed here since data is already a validated Schema instance
         # Collect custom and optional fields
         customs, optionals = self._collect_custom_and_optional_fields(

{django_ninja_aio_crud-2.18.1.dist-info → django_ninja_aio_crud-2.18.2.dist-info}/WHEEL RENAMED Viewed

File without changes

{django_ninja_aio_crud-2.18.1.dist-info → django_ninja_aio_crud-2.18.2.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

django-ninja-aio-crud 2.18.1__py3-none-any.whl → 2.18.2__py3-none-any.whl

Potentially problematic release.

django-ninja-aio-crud 2.18.1py3-none-any.whl → 2.18.2py3-none-any.whl