This page captures common comments made when reviewing pull requests. This is a list of common mistakes, not a style guide.
In general you should follow existing style guides:
Most IDE tools have built in support for python code analysis. Make sure you are reviewing any issues highlighted in your IDE.
Each section heading below can also be used as short hand when adding comments to a PR.
- Don't use print statements. Use python's built-in logging facility. See other code in the repo as an example.
- Log errors at the correct level, either log.error or log.exception, depending on what you are logging. See here for a detailed explanation.
- Avoid use of generic exception handlers. See also.
- Not all exceptions need to be logged. If you're not sure ask. One example is Django's DoesNotExist exception. Generally this can be handled as an HTTP 404 without logging.
- All input sent to the server should be validated, regardless of whether it is validated in the browser.
- Input validation errors are generally considered HTTP 400 errors. When an error occurs, do not log it and return an appropriate error message to the user of the application.
- Django Serializer errors are generally considered input validation errors.
A server request that triggers multiple writes to a relational database should use a transaction. See Django's documentation for how to use this.
If the comment is providing useful documentation then it's fine. If it's old code, remove it.
Ajax requests can have the following:
- Timeout with no response.
- Success response.
- Error response - Client (HTTP 400) or server error (HTTP 500).
All scenarios should be handled appropriately in javascript code.
Here are some example review policies from other companies: