Django REST: Cannot add (write) nested item - django

I am attempting to POST a nested relationship with Django REST Framework (2.3.9), but I am getting this error:
ValueError: Cannot add "": instance is on database "default", value is on database "None"
It seems that Django (1.6) is not recognizing that my HeartbeatSerializer knows anything about ItemSerializer
{
"username":"testing",
"heartbeat": {
"items": [
{
"item_date": "2013-11-24T05:08:12Z",
"item_title": "disagreeing post",
"item_type": "post",
"item_karma": 25
}
]
}
}
Here's the serializers.py:
class ItemSerializer(serializers.ModelSerializer):
'''
Item Serializer
Items are User-generated Content which are captured
from various APIs made available from the Web or
Internet via REST consumed endpoints or Websites
which have been scraped.
'''
class Meta:
model = Item
# fields = ('id', 'item_title', 'item_karma',
# 'item_type', 'item_date', )
class DepthPatchSerializer(serializers.ModelSerializer):
def __init__(self, model=None, **kwargs):
if model is not None:
self.Meta.model = model
super(DepthPatchSerializer, self).__init__(**kwargs);
def get_nested_field(self, model_field):
return DepthPatchSerializer(model=model_field.rel.to)
class HeartbeatSerializer(DepthPatchSerializer):
'''
Heartbeat Serializer
Items are User-generated Content (USG) containers which are used
to consolidate normalized User-generated Interactions (USI).
'''
# items_queryset = Item.objects.all()
# items = ItemSerializer(items_queryset, many=True)
class Meta:
model = Heartbeat
# fields = ('id', 'items', )
depth = 1
class HackerAddSerializer(serializers.ModelSerializer):
'''
User Serializer
Each User is stored in the system itself for analysis and signaling.
We store users such that subsets of user behavior through USG can be
generated and analyzed.
'''
heartbeat = HeartbeatSerializer()
def _save_heartbeat_data(self):
heartbeat_data = self.init_data.get('heartbeat', None)
if heartbeat_data:
hs = HeartbeatSerializer(instance=self.object.heartbeat,
data=heartbeat_data)
import pdb; pdb.set_trace() # XXX BREAKPOINT
if hs.is_valid():
self.object.heartbeat = hs.object
hs.save()
else:
raise Exception(hs.errors)
def save(self):
self._save_heartbeat_data()
password = self.init_data.get('password', None)
confirm = self.init_data.get('confirm', None)
if password and password == confirm:
self.object.set_password(password)
super(HackerAddSerializer, self).save()
return self.object
class Meta:
model = Hacker
exclude = ['last_login', 'password',
'is_superuser', 'is_staff',
'is_active', 'user_permissions',
'groups', ]

Nested Serializers are Readonly at present (out of the box). You have to write your own conversion methods to support writable nested serializers (see docs).
There's work to implement writable nested serializers in the django rest framework project.
Instead, I'd suggest you use a RelatedField (like PrimaryKeyRelatedField or HyperlinkedRelatedField) to reference nested models. You can use the depth option to have these related fields nested when you serialize the data to the client.

Related

How to obtain the field from the parent serializer while serializing a nested json? [duplicate]

I'm working with Django-Rest-Framework's serializers. I have two serializers one nested with the other.
class NestedSerializer(serializers.Serializer):
value = AttributeValueField(required=True)
name = serializers.CharField(required=True)
class OuterSerializer(serializers.Serializer):
info = serializers.CharField()
nested = NestedSerializer()
In order to validate the nested serializer's data I need to retrieve input data from the parent serializer, something like this:
class NestedSerializer(serializers.Serializer):
...
def validate(self, data):
# of course, it doesn't work, but thats the idea.
info = self.parent.info
# then validate the NestedSerializer with info.
I can't find any way to get access to those input data from the validate method. Any suggestions? Thanks for your help :).
Before validate() method, DRF serializers call to_internal_value(self, data). You will get all data of parent serializer there. So as you defined validate() method in serializer, define to_internal_value() method and catch parent serializer's data.
You can access initial_data on the parent serializer from the nested serializers validate() method. I've also added some code for using the parent fields run_validation() method, which would validate and return the internal value from to_internal_value(), which might be a better than dealing with the initial data.
class NestedSerializer(serializers.Serializer):
def validate(self, data):
# Retrieve the initial data, perhaps this is all you need.
parent_initial_data = self.parent.initial_data
info = parent_initial_data.get("info", None)
# Get the corresponding field and use `run_validation` or `to_internal_value` if needed
if info:
info_field = self.parent.fields["info"]
info = info_field.run_validation(info)
# info = info_field.to_internal_value(info) # If you don't want validation, but do want the internal value
# Do your thing
return data
Try self.root.instance to get the parent instance in a nested serializer.
It might not be the best idea to do it this way, NestedSerializer should not be aware of the parent object. It would make your code difficult to maintain, also it would make NestedSerializer dependent on OuterSerializer.
Instead, define a validate(self, data) method in the OuterSerializer and run the mutual validation there.
Here's what I'm doing now but I'm interested to see other answers..
Basically I've created a custom field for the field in the parent serializer that needs to be accessed in the child serializer - in this case "customer". Then override to_internal_value() to add the field's validated data as an attribute on the parent serializer.
Once it's been added as an attribute it can be accessed on the child serializer through self.parent.<attribute_name> or on child serializer fields by self.root.<attribute_name>
class CustomerField(serializers.PrimaryKeyRelatedField):
def to_internal_value(self, data):
# Set the parent serializer's `customer` attribute to the validated
# Customer object.
ret = super().to_internal_value(data)
self.parent.customer = ret
return ret
class DebitField(serializers.PrimaryKeyRelatedField):
default_related_name = {
'OnAccount': 'onaccounts',
'Order': 'orders'
}
def get_queryset(self):
# Method must be overridden so the `queryset` argument is not required.
return super().get_queryset()
def set_queryset_from_context(self, model_name):
# Override the queryset depending on the model name.
queryset = self.default_related_name[model_name]
self.queryset = getattr(self.parent.customer, queryset)
def to_internal_value(self, data):
# Get the model from the `debit_type` and the object id from `debit`
# then validate that the object exists in the related queryset.
debit_type = data.pop('debit_type')
self.set_queryset_from_context(debit_type)
super().to_internal_value(data)
class PaymentLineSerializer(serializers.ModelSerializer):
debit = DebitField()
class Meta:
model = PaymentLine
fields = (
'id',
'payment',
'debit_type',
'debit', # GenericForeignKey
'amount',
)
def to_internal_value(self, data, *args):
data['debit'] = {
'debit': data.pop('debit'),
'debit_type': data.pop('debit_type'),
}
ret = super().to_internal_value(data)
return ret
def to_representation(self, instance):
data = super().to_representation(instance)
data['debit'] = instance.debit._meta.object_name
return data
class PaymentSerializer(serializers.ModelSerializer):
customer = CustomerField(queryset=Customer.objects.all())
class Meta:
model = Payment
fields = (
'id',
'customer',
'method',
'type',
'date',
'num_ref',
'comment',
'amount',
)
def __init__(self, *args, **kwargs):
self.customer = None
super().__init__(*args, **kwargs)
self.fields['lines'] = PaymentLineSerializer(
context=self.context,
many=True,
write_only=True,
)
You are almost there!!!
Use self.parent.initial_data to access the data given to the parent serializer.
class NestedSerializer(serializers.Serializer):
value = AttributeValueField(required=True)
name = serializers.CharField(required=True)
def validate(self, attrs):
attrs = super().validate(attrs)
the_input_data = self.parent.initial_data
info = the_input_data['info'] # this will not be the "validated data
# do something with your "info"
return attrs
Do not hardcode the field_name
self.parent.initial_data[self.field_name]

How to Create a Django Model Instance That Contains a Required OneToOneField with DRF Serializers

The Question
Let's say I have a model that contains a OneToOneField like so:
models.py
class Event(models.Model)
# some basic fields...
class EventDetail(models.Model):
event = models.OneToOneField(Event, on_delete=models.CASCADE,
related_name='event_detail')
# other basic fields, all with default values...
What is a proper way to implement a POST request that intends to create a new Event in the database that automatically creates a default EventDetail linked to it if it is None in the request header, using Django Rest Framework's Serializers?
My Attempt
test.py
class EventTestCase(APITestCase):
def test_post(self):
# Need to provide an id, or else an error occurs about the OneToOneField
event = Event(id=1)
serializer = serializers.EventSerializer(event)
res = self.api_client.post('/event/', serializer.data)
views.py
def post(self, request, format=None):
serializer = EventSerializer(
data=request.data)
# ***This always returns false!***
if serializer.is_valid():
try:
instance = serializer.save()
except ValueError:
return Response(status=status.HTTP_400_BAD_REQUEST)
serializers.py
class EventSerializer(serializers.ModelSerializer):
serialization_title = "Event"
event_detail = EventDetailSerializer()
class Meta:
model = Event
exclude = ('id',)
error_status_codes = {
HTTP_400_BAD_REQUEST: 'Bad Request'
}
class EventDetailSerializer(serializers.ModelSerializer):
serialization_title = "Event Detail"
class Meta:
model = models.EventDetail
exclude = ('id',)
error_status_codes = {
HTTP_400_BAD_REQUEST: 'Bad Request'
}
As noted in a comment above, serializer.is_valid() always returns false with the error:
{'event_detail': [u'This field may not be null.']}
I understand that this is complaining because both EventDetail and Event need to be created in order for a OneToOne relationship to be added, but how do you deal with this using Serializers when a OneToOneField is required and yet not provided by the client?
Thank you for your help.
Disclaimer: I am using Django 1.11
You can declare the EventDetailSerializer with read_only=True or required=False and then handle the creation of the EventDetail in different ways, for example: you could have a post_save signal that listens to the Event class - once a new Event object has been created, you can then create the initial EventDetail object, or you perform this creation after your serializer.save() on the post definition, or even on your create method of your EventSerializer.
edit: an example on how you could perform the creation using the EventDetailSerializer and overriding the create method of your EventSerializer.
def create(self, validated_data):
detail = self.initial_data.get('event_detail')
instance = super().create(validated_data)
if detail:
serializer = EventDetailSerializer(data=detail)
serializer.is_valid(raise_exception=True)
serializer.save(event=instance)
return instance

Handling multiple query params

I have a create user view and here I first register a normal user and then create a player object for that user which has a fk relation with the user.
In my case, I have three different types of users
I created a view to handle register all three different types of users, but my player user has a lot of extra model fields and storing all query params in variables will make it messy.
Is there a better way to handle this, including validation?
TLDR; I created a view to handle register all three different types of users, but my player user has a lot of extra model fields and storing all query params in variables will make it messy. Is there a better way to handle this, including validation?
This is my view.
class CreateUser(APIView):
"""
Creates the User.
"""
def post(self, request):
email = request.data.get('email', None).strip()
password = request.data.get('password', None).strip()
name = request.data.get('name', None).strip()
phone = request.data.get('phone', None)
kind = request.query_params.get('kind', None).strip()
print(kind)
serializer = UserSerializer(data={'email': email, 'password':password})
serializer.is_valid(raise_exception=True)
try:
User.objects.create_user(email=email,
password=password)
user_obj = User.objects.get(email=email)
except:
raise ValidationError('User already exists')
if kind == 'academy':
Academy.objects.create(email=email, name=name, phone=phone, user=user_obj)
if kind == 'coach':
Coach.objects.create(email=email, name=name, phone=phone, user=user_obj)
if kind == 'player':
Player.objects.create(----------)
return Response(status=200)
Use a Model Serializer
In your case, define it in serializers.py like this:
from rest_framework import serializers
class CustomBaseSerializer(serializers.ModelSerializer):
def create(self, validated_data):
validated_data['user'] = self.context['user']
return super(CustomBaseSerializer, self).create(validated_data)
class PlayerSerializer(CustomBaseSerializer):
class Meta:
model = Player
fields = ('count', 'height', 'right_handed', 'location',
'size', 'benchmark_swingspeed',
'benchmark_impactspeed', 'benchmark_stance',
'benchmark_balanceindex',)
class AcademySerializer(CustomBaseSerializer):
class Meta:
model = Academy
fields = '__all__' # Usually better to explicitly list fields
class CoachSerializer(CustomBaseSerializer):
class Meta:
model = Coach
fields = '__all__'
Then in your view
class CreateUser(APIView):
"""
Creates the User.
"""
def post(self, request):
print(kind)
try:
user = User.objects.get(email=request.data.get('email'))
except User.DoesNotExist:
pass
else:
raise ValidationError('User already exists')
user_serializer = UserSerializer(data=request.data)
user_serializer.is_valid(raise_exception=True)
user = user_serializer.save()
if kind == 'academy':
serializer_class = AcademySerializer
if kind == 'coach':
serializer_class = CoachSerializer
if kind == 'player':
serializer_class = PlayerSerializer
serializer = serializer_class(data=request.data, context={'user': user})
serializer.save()
return Response(serializer.data) # Status is 200 by default so you don't need to include it. RESTful API's should return the instance created, this also delivers the newly generated primary key back to the client.
# Oh and if you do serialize the object in the response, write serializers for academy and coach too, so the api response is consistent
Serializers are really powerful and useful. It is well worth thoroughly reading the docs.
First, I'd recommend to POST the parameters in a JSON or a form, instead of using the query params. But regardless the method, the solution is pretty much the same.
First, you could define the fields you're interested in a list. For example:
FIELDS = (
'count',
'height',
'right_handed',
'location',
'size',
'benchmark_swingspeed',
'benchmark_impactspeed',
'benchmark_stance',
'benchmark_balanceindex',
)
And then get all the values from the query params and store them in a dict, like:
player_params = {}
for field in FIELDS:
player_params[field] = request.query_params.get(field)
Now you have all the params required for a player in a dict and you can pass it to the Player model as **kwargs. Of course you'll probably need some validation. But in the end, you'll be able to do the following:
Player.objects.create(user=user_obj, **player_params)

Django REST Framework - is_valid() always passing and empty validated_data being returned

I have the following JSON GET request going to the server that defines a product configuration:
{'currency': ['"GBP"'], 'productConfig': ['[{"component":"c6ce9951","finish":"b16561c9"},{"component":"048f8bed","finish":"b4715cda"},{"component":"96801e41","finish":"8f90f764"},{"option":"6a202c62","enabled":false},{"option":"9aa498e0","enabled":true}]']}
I'm trying to validate this through DRF, and I have the following configuration:
views.py
class pricingDetail(generics.ListAPIView):
authentication_classes = (SessionAuthentication,)
permission_classes = (IsAuthenticated,)
parser_classes = (JSONParser,)
def get(self, request, *args, **kwargs):
pricingRequest = pricingRequestSerializer(data=request.query_params)
if pricingRequest.is_valid():
return Response('ok')
serializers.py
class pricingComponentSerializer(serializers.ModelSerializer):
class Meta:
model = Component
fields = ('sku',)
class pricingFinishSerializer(serializers.ModelSerializer):
class Meta:
model = Finish
fields = ('sku',)
class pricingOptionSerializer(serializers.ModelSerializer):
class Meta:
model = ProductOption
fields = ('sku',)
class pricingConfigSerializer(serializers.ModelSerializer):
finish = pricingFinishSerializer(read_only=True, many=True)
component = pricingComponentSerializer(read_only=True, many=True)
option = pricingOptionSerializer(read_only=True, many=True)
enabled = serializers.BooleanField(read_only=True)
class pricingCurrencySerializer(serializers.ModelSerializer):
class Meta:
model = Currency
fields = ('currencyCode',)
class pricingRequestSerializer(serializers.Serializer):
config = pricingConfigSerializer(read_only=True)
currency = pricingCurrencySerializer(read_only=True)
As you can see I'm trying to validate multiple models within the same request through the use of inline serializers.
My problem
The code above allow everything to pass through is_valid() (even when I make an invalid request, and, it also returns an empty validated_data (OrderedDict([])) value.
What am I doing wrong?
extra information
the JS generating the GET request is as follows:
this.pricingRequest = $.get(this.props.pricingEndpoint, { productConfig: JSON.stringify(this.state.productConfig), currency: JSON.stringify(this.state.selectedCurrency) }, function (returnedData, status) {
console.log(returnedData);
I currently don't have a computer to dig through the source but you might want to check the read_only parameters on your serializer. Afaik this only works for showing data in responses.
You can easily check by using ipdb (ipython debugger)
Just put:
import ipdb; ipdb.set_trace()
Somewhere you want to start debugging, start you server and start the request.

Django Rest Framework: Disable field update after object is created

I'm trying to make my User model RESTful via Django Rest Framework API calls, so that I can create users as well as update their profiles.
However, as I go through a particular verification process with my users, I do not want the users to have the ability to update the username after their account is created. I attempted to use read_only_fields, but that seemed to disable that field in POST operations, so I was unable to specify a username when creating the user object.
How can I go about implementing this? Relevant code for the API as it exists now is below.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'password', 'email')
write_only_fields = ('password',)
def restore_object(self, attrs, instance=None):
user = super(UserSerializer, self).restore_object(attrs, instance)
user.set_password(attrs['password'])
return user
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
Thanks!
It seems that you need different serializers for POST and PUT methods. In the serializer for PUT method you are able to just except the username field (or set the username field as read only).
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_serializer_class(self):
serializer_class = self.serializer_class
if self.request.method == 'PUT':
serializer_class = SerializerWithoutUsernameField
return serializer_class
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
Check this question django-rest-framework: independent GET and PUT in same URL but different generics view
Another option (DRF3 only)
class MySerializer(serializers.ModelSerializer):
...
def get_extra_kwargs(self):
extra_kwargs = super(MySerializer, self).get_extra_kwargs()
action = self.context['view'].action
if action in ['create']:
kwargs = extra_kwargs.get('ro_oncreate_field', {})
kwargs['read_only'] = True
extra_kwargs['ro_oncreate_field'] = kwargs
elif action in ['update', 'partial_update']:
kwargs = extra_kwargs.get('ro_onupdate_field', {})
kwargs['read_only'] = True
extra_kwargs['ro_onupdate_field'] = kwargs
return extra_kwargs
Another method would be to add a validation method, but throw a validation error if the instance already exists and the value has changed:
def validate_foo(self, value):
if self.instance and value != self.instance.foo:
raise serializers.ValidationError("foo is immutable once set.")
return value
In my case, I wanted a foreign key to never be updated:
def validate_foo_id(self, value):
if self.instance and value.id != self.instance.foo_id:
raise serializers.ValidationError("foo_id is immutable once set.")
return value
See also: Level-field validation in django rest framework 3.1 - access to the old value
My approach is to modify the perform_update method when using generics view classes. I remove the field when update is performed.
class UpdateView(generics.UpdateAPIView):
...
def perform_update(self, serializer):
#remove some field
rem_field = serializer.validated_data.pop('some_field', None)
serializer.save()
I used this approach:
def get_serializer_class(self):
if getattr(self, 'object', None) is None:
return super(UserViewSet, self).get_serializer_class()
else:
return SerializerWithoutUsernameField
UPDATE:
Turns out Rest Framework already comes equipped with this functionality. The correct way of having a "create-only" field is by using the CreateOnlyDefault() option.
I guess the only thing left to say is Read the Docs!!!
http://www.django-rest-framework.org/api-guide/validators/#createonlydefault
Old Answer:
Looks I'm quite late to the party but here are my two cents anyway.
To me it doesn't make sense to have two different serializers just because you want to prevent a field from being updated. I had this exact same issue and the approach I used was to implement my own validate method in the Serializer class. In my case, the field I don't want updated is called owner. Here is the relevant code:
class BusinessSerializer(serializers.ModelSerializer):
class Meta:
model = Business
pass
def validate(self, data):
instance = self.instance
# this means it's an update
# see also: http://www.django-rest-framework.org/api-guide/serializers/#accessing-the-initial-data-and-instance
if instance is not None:
originalOwner = instance.owner
# if 'dataOwner' is not None it means they're trying to update the owner field
dataOwner = data.get('owner')
if dataOwner is not None and (originalOwner != dataOwner):
raise ValidationError('Cannot update owner')
return data
pass
pass
And here is a unit test to validate it:
def test_owner_cant_be_updated(self):
harry = User.objects.get(username='harry')
jack = User.objects.get(username='jack')
# create object
serializer = BusinessSerializer(data={'name': 'My Company', 'owner': harry.id})
self.assertTrue(serializer.is_valid())
serializer.save()
# retrieve object
business = Business.objects.get(name='My Company')
self.assertIsNotNone(business)
# update object
serializer = BusinessSerializer(business, data={'owner': jack.id}, partial=True)
# this will be False! owners cannot be updated!
self.assertFalse(serializer.is_valid())
pass
I raise a ValidationError because I don't want to hide the fact that someone tried to perform an invalid operation. If you don't want to do this and you want to allow the operation to be completed without updating the field instead, do the following:
remove the line:
raise ValidationError('Cannot update owner')
and replace it with:
data.update({'owner': originalOwner})
Hope this helps!
More universal way to "Disable field update after object is created"
- adjust read_only_fields per View.action
1) add method to Serializer (better to use your own base cls)
def get_extra_kwargs(self):
extra_kwargs = super(BasePerTeamSerializer, self).get_extra_kwargs()
action = self.context['view'].action
actions_readonly_fields = getattr(self.Meta, 'actions_readonly_fields', None)
if actions_readonly_fields:
for actions, fields in actions_readonly_fields.items():
if action in actions:
for field in fields:
if extra_kwargs.get(field):
extra_kwargs[field]['read_only'] = True
else:
extra_kwargs[field] = {'read_only': True}
return extra_kwargs
2) Add to Meta of serializer dict named actions_readonly_fields
class Meta:
model = YourModel
fields = '__all__'
actions_readonly_fields = {
('update', 'partial_update'): ('client', )
}
In the example above client field will become read-only for actions: 'update', 'partial_update' (ie for PUT, PATCH methods)
This post mentions four different ways to achieve this goal.
This was the cleanest way I think: [collection must not be edited]
class DocumentSerializer(serializers.ModelSerializer):
def update(self, instance, validated_data):
if 'collection' in validated_data:
raise serializers.ValidationError({
'collection': 'You must not change this field.',
})
return super().update(instance, validated_data)
Another solution (apart from creating a separate serializer) would be to pop the username from attrs in the restore_object method if the instance is set (which means it's a PATCH / PUT method):
def restore_object(self, attrs, instance=None):
if instance is not None:
attrs.pop('username', None)
user = super(UserSerializer, self).restore_object(attrs, instance)
user.set_password(attrs['password'])
return user
If you don't want to create another serializer, you may want to try customizing get_serializer_class() inside MyViewSet. This has been useful to me for simple projects.
# Your clean serializer
class MySerializer(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = '__all__'
# Your hardworking viewset
class MyViewSet(MyParentViewSet):
serializer_class = MySerializer
model = MyModel
def get_serializer_class(self):
serializer_class = self.serializer_class
if self.request.method in ['PUT', 'PATCH']:
# setting `exclude` while having `fields` raises an error
# so set `read_only_fields` if request is PUT/PATCH
setattr(serializer_class.Meta, 'read_only_fields', ('non_updatable_field',))
# set serializer_class here instead if you have another serializer for finer control
return serializer_class
setattr(object, name, value)
This is the counterpart of getattr(). The
arguments are an object, a string and an arbitrary value. The string
may name an existing attribute or a new attribute. The function
assigns the value to the attribute, provided the object allows it. For
example, setattr(x, 'foobar', 123) is equivalent to x.foobar = 123.
class UserUpdateSerializer(UserSerializer):
class Meta(UserSerializer.Meta):
fields = ('username', 'email')
class UserViewSet(viewsets.ModelViewSet):
def get_serializer_class(self):
return UserUpdateSerializer if self.action == 'update' else super().get_serializer_class()
djangorestframework==3.8.2
I would suggest also looking at Django pgtrigger
This allows you to install triggers for validation. I started using it and was very pleased with its simplicity:
Here's one of their examples that prevents a published post from being updated:
import pgtrigger
from django.db import models
#pgtrigger.register(
pgtrigger.Protect(
operation=pgtrigger.Update,
condition=pgtrigger.Q(old__status='published')
)
)
class Post(models.Model):
status = models.CharField(default='unpublished')
content = models.TextField()
The advantage of this approach is it also protects you from .update() calls that bypass .save()