"solution" #731
"solution" #731
Conversation
There was a problem hiding this comment.
Great job on your submission! 🎉 While there are a few minor issues, such as the DEBUG setting and SECRET_KEY exposure, these are typical for development and can be adjusted for production. The logic in the create method for OrderSerializer and the condition in MovieViewSet can be improved, but they don't critically impact functionality. Keep up the good work and consider these improvements for future projects! 😊
✨ Please rate this review in the Platform's notification center. I will be grateful for your feedback! ✨
|
|
||
|
|
||
| class OrderSerializer(serializers.ModelSerializer): | ||
| tickets = TicketSerializer(many=True, read_only=True, allow_null=False) |
There was a problem hiding this comment.
The tickets field is marked as read_only=True, which means it will not be included in the validated_data during creation. Therefore, attempting to pop it in the create method will raise a KeyError. Consider removing the tickets field from validated_data handling or adjusting the logic to accommodate read-only fields.
| @@ -43,6 +55,28 @@ def get_serializer_class(self): | |||
|
|
|||
| return MovieSerializer | |||
|
|
|||
| def get_queryset(self): | |||
| queryset = super().get_queryset() | |||
| if self.action == ("list", "retrieve"): | |||
There was a problem hiding this comment.
The condition if self.action == ('list', 'retrieve'): is incorrect because it checks if self.action is equal to the tuple ('list', 'retrieve'). Instead, use if self.action in ['list', 'retrieve']: to check if the action is either 'list' or 'retrieve'.
| SECRET_KEY = ( | ||
| "django-insecure-6vubhk2$++agnctay_4pxy_8cq)mosmn(*-#2b^v4cgsh-^!i3" | ||
| ) | ||
| SECRET_KEY = "django-insecure-6vubhk2$++agnctay_4pxy_8cq)mosmn(*-#2b^v4cgsh-^!i3" |
There was a problem hiding this comment.
The SECRET_KEY is currently hardcoded and exposed in the settings file. For security reasons, especially in production, consider using environment variables to manage sensitive information like the secret key.
| SECRET_KEY = ( | ||
| "django-insecure-6vubhk2$++agnctay_4pxy_8cq)mosmn(*-#2b^v4cgsh-^!i3" | ||
| ) | ||
| SECRET_KEY = "django-insecure-6vubhk2$++agnctay_4pxy_8cq)mosmn(*-#2b^v4cgsh-^!i3" | ||
|
|
||
| # SECURITY WARNING: don't run with debug turned on in production! | ||
| DEBUG = True |
There was a problem hiding this comment.
The DEBUG setting is set to True. This is suitable for development but should be set to False in a production environment to avoid exposing sensitive information.
No description provided.