Serialization of SQLAlchemy Models (In collections or as single objects) is not supported by the libs own jsonify function

[duaneking]

EDIT: Fine then, I was trying to be civil, helpful, and provide details of the issue.. but I see now my help is unwanted.

Have a good day.

[bastianh]

There is no general way to serialize database objects to json. Databases support many datatypes that can't simply converted to json, like enums, uuids, dates, times and many more and jsonify is not able or supposed to handle all of those. jsonify is also not meant to ignore any fields or stuff like that. The jsonify function is not broken. It does exactly what is described in the documentation. If you need other functionality I suggest to write your own function, or choose a library that does what you want.
It's also not the right place to discuss changes of the jsonify function, since this is not the flask bugtracker.

[zzzeek]

if collections are serialized by default without any explicit directives, then what's to stop this serialization from continuing along all paths for as far as they go? E.g. object A has a list of Bs, each has a list of Cs, etc., that is, while A might be very small, the presence of the collection of B now means the serialization will be prohibitively huge. The common scenario then is that an application that happily serializes A's one day has a new feature added where A has a seldom-used collection of B made accessible; this change in the database schema and model now pushes itself out to entirely change the serialization format, breaking the application, breaking the consumers of the format, and causing the whole app to fall over.

this is why serialization of business objects IMHO should always be made based on an explicit schema to define this format, e.g. using a product like colander.

[mitsuhiko]

There will be no automatic serialization of data to JSON in Flask-SQLAlchemy because of the associated security risks.

[mitsuhiko]

That said: you can always bring stuff like that into your own extension if you think it works for you :)

[mitsuhiko]

@duaneking if you do not explicitly whitelist attributes you end up accidentally exposing stuff you do not want to expose. There have been absolutely terrible accidents of accidentally exposing something confidential with an automagic serialization layer in the past. Once you go about whitelisting you might as well just implement your own to_json() method, maybe through a decorator.

[ThiefMaster]

I think there are quite some cases where you don't want to expose ALL your columns when serializing to JSON. So it's a good thing if you cannot jsonify a SQLAlchemy object directly without even defining which columns should be jsonifiable.

[mitsuhiko]

(This has nothing to do with JSON array literals)

[davidism]

• What about a class A that relates to B that relates to C that relates to A? How do you prevent infinite loops? What if the loop occurs on the second traversal of C, not the first?
• What about if you don't want to embed relationships, but just show foreign keys? What about composite foreign keys?
• Do you include backrefs? Association proxies? Hybrid properties?
• What about other property attributes that aren't part of the SQL model?
• You want to exclude certain fields, but what if you want to exclude them only for users in a certain group? What about the same for including fields?
• What metadata about the query/relationship should be included? Pagination? What format does this take and where is it presented with the results?
• What about composite column types?
• What about custom collection classes on relationships?
• What about custom column types that return un-serializable classes?
• What about serializing a complex query that returns more than just model instances?
• Should deferred columns / lazy relationships be excluded by default instead of incurring extra queries?

These are just more reasons the serialization should be done in your application, not by this extension. There are too many decisions that effect the final output and are application specific.

[duaneking]

Now you are removing your responses after i show you to be incorrect? Isn't that sort of cheating?

[mitsuhiko]

There is really no point in discussing this. This sort of behavior is something I cannot agree with and as such will not end up in the library. Feel free to build a separate system for it.