Direct Attachment Uploads

[msc5]

No description provided.

[gracewhitney]

Bunch of comments, sorry 😬 many of them are not specific to file uploads, but since this is a reference codebase want to make sure we're keeping everything clean

[gracewhitney]

🎨 escape isn't doing anything here - it's already autoescaped. I don't think it's a good idea to inline the json as a param like this, though - won't the quotes in the json blob interfere with html parsing? It would be better to use json_script and provide an id to the element containing the JSON. Or, just populate async from an internal API path.

[msc5]

I have experimented a little with using json_script in various places, and I agree it is better from a stability and security perspective, but I can't seem to find a good pattern to work with both this use case (rendering a list of attachments on the dashboard) and in the custom django form field case simultaneously. In the latter case, you really want to collocate the existing attachments context (in other cases, for instance in a Model multi-select widget, you'd want the serialized choices queryset), and if the form is within a vue app, vue will strip the <script> tags, and I haven't really found a good way to circumvent that. To that end, passing the context directly in props seems to be the cleanest and most django-like way to go.

I have cleaned up the passing of variables here though, I now directly consume the queryset json in the files vue model rather than using an intermediate variable, and i've removed the escape template tag (I agree I don't think that does anything here).

❓ Do you have any other ideas for a good pattern that achieves both of these goals?

[gracewhitney]

❓ Why is this a many to many instead of a FK? I suppose there could be a case for M2M but seems less likely, not that it particularly matters for the example

[msc5]

This code originates from DPU use-cases, and on that project MTM is very much preferred, not only in linking attachments but also in linking almost every other model. I would potentially be interested in implementing both methods (FK + MTM) since this is a reference/example implementation, if you think that would be useful

[gracewhitney]

❓ Do you prefer overriding to_representation instead of using SerializerMethodField?

[msc5]

I think it depends on the situation, but in this case I think it would be much more verbose and provide no real benefits (its not like serializers are type-hinted anyways ☹️). What are your thoughts?

Edit: Actually if it is explicit, then drf-spectacular would be able to generate a better openAPI spec so that would be a decent benefit

[gracewhitney]

❓ Why change in base image?

[gracewhitney]

Do we need git on the server? If you need it in a particular instance you can always install it, but doesn't seem necessary in general

[gracewhitney]

❓ I don't see a .bashrc file in this codebase - won't this fail if not present?

[gracewhitney]

15 workers? We're using 2 workers w/ 5 threads each.

[gracewhitney]

Not needed if you replace the boto3 calls with default_storage calls. Also need to pip-compile