I have the following code working perfectly. I can create a Post object from DRF panel by selecting an image and a user. However I want DRF to populate the user field by the currently logged in user.
models.py
class Post(TimeStamped):
user = models.ForeignKey(User)
photo = models.ImageField(upload_to='upload/')
hidden = models.BooleanField(default=False)
upvotes = models.PositiveIntegerField(default=0)
downvotes = models.PositiveIntegerField(default=0)
comments = models.PositiveIntegerField(default=0)
serializers.py
class PostSerializer(serializers.ModelSerializer):
class Meta:
model = Post
fields = ['id', 'user', 'photo']
views.py
class PhotoListAPIView(generics.ListCreateAPIView):
queryset = Post.objects.filter(hidden=False)
serializer_class = PostSerializer
authentication_classes = (SessionAuthentication, BasicAuthentication)
permission_classes = (IsAuthenticated,)
How can I do this?
Off the top of my head, you can just override the perform_create() method:
class PhotoListAPIView(generics.ListCreateAPIView):
...
def perform_create(self, serializer):
serializer.save(user=self.request.user)
Give that a shot and let me know if it works
You can use CurrentUserDefault:
user = serializers.PrimaryKeyRelatedField(
read_only=True,
default=serializers.CurrentUserDefault()
)
It depends on your use case. If you want it to be "write-only", meaning DRF automatically populates the field on write and doesn't return the User on read, the most straight-forward implementation according to the docs would be with a HiddenField:
class PhotoListAPIView(generics.ListCreateAPIView):
user = serializers.HiddenField(
default=serializers.CurrentUserDefault(),
)
If you want want it to be readable, you could use a PrimaryKeyRelatedField while being careful that your serializer pre-populates the field on write - otherwise a user could set the user field pointing to some other random User.
class PhotoListAPIView(generics.ListCreateAPIView):
user = serializers.PrimaryKeyRelatedField(
# set it to read_only as we're handling the writing part ourselves
read_only=True,
)
def perform_create(self, serializer):
serializer.save(user=self.request.user)
Finally, note that if you're using the more verbose APIView instead of generics.ListCreateAPIView, you have to overwrite create instead of perform_create like so:
class PhotoListAPIView(generics.ListCreateAPIView):
user = serializers.PrimaryKeyRelatedField(
read_only=True,
)
def create(self, validated_data):
# add the current User to the validated_data dict and call
# the super method which basically only creates a model
# instance with that data
validated_data['user'] = self.request.user
return super(PhotoListAPIView, self).create(validated_data)
You can avoid passing the user in your request and you won't see it in the output but DRF will populate it automatically:
from rest_framework import serializers
class MyModelSerializer(serializers.ModelSerializer):
user = serializers.HiddenField(default=serializers.CurrentUserDefault())
class Meta:
model = models.MyModel
fields = (
'user',
'other',
'fields',
)
As of DRF version 3.8.0 (Pull Request discussion), you can override save() in serializer.
from rest_framework import serializers
...
class PostSerializer(serializers.ModelSerializer):
user = serializers.PrimaryKeyRelatedField(read_only=True, default=serializers.CurrentUserDefault())
class Meta:
model = Post
fields = ['id', 'user', 'photo']
def save(self, **kwargs):
"""Include default for read_only `user` field"""
kwargs["user"] = self.fields["user"].get_default()
return super().save(**kwargs)
#DaveBensonPhillips's answer might work in your particular case for some time, but it is not very generic since it breaks OOP inheritance chain.
ListCreateAPIView inherits from CreateModelMixin which saves the serializer already. You should always strive to get the full chain of overridden methods executed unless you have a very good reason not to. This way your code stays DRY and robust against changes:
class PhotoListAPIView(generics.ListCreateAPIView):
...
def perform_create(self, serializer):
serializer.validated_data['user'] = self.request.user
return super(PhotoListAPIView, self).perform_create(serializer)
You will have to override the default behavior of how generics.ListCreateAPIView creates an object.
class PhotoListAPIView(generics.ListCreateAPIView):
queryset = Post.objects.filter(hidden=False)
authentication_classes = (SessionAuthentication, BasicAuthentication)
permission_classes = (IsAuthenticated,)
def get_serializer_class(self):
if self.request.method == 'POST':
return CreatePostSerializer
else:
return ListPostSerializer
def create(self, request, *args, **kwargs):
# Copy parsed content from HTTP request
data = request.data.copy()
# Add id of currently logged user
data['user'] = request.user.id
# Default behavior but pass our modified data instead
serializer = self.get_serializer(data=data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
The .get_serializer_class() is not necessary as you can specify which fields are read-only from your serializer, but based on the projects I have worked on, I usually end up with 'asymmetric' serializers, i.e. different serializers depending on the intended operation.
Try this:
def post(self, request, format=None)
serializer = ProjectSerializer(data=request.data)
request.data['user'] = request.user.id
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST
This is what works for me in serializers.py, where I am also using nested data. I want to display created_by_username without having to lookup other users.
class ListSerializer(serializers.ModelSerializer):
"""
A list may be created with items
"""
items = ItemSerializer(many=True)
# automatically set created_by_id as the current user's id
created_by_id = serializers.PrimaryKeyRelatedField(
read_only=True,
)
created_by_username = serializers.PrimaryKeyRelatedField(
read_only=True
)
class Meta:
model = List
fields = ('id', 'name', 'description', 'is_public',
'slug', 'created_by_id', 'created_by_username', 'created_at',
'modified_by', 'modified_at', 'items')
def create(self, validated_data):
items_data = validated_data.pop('items', None)
validated_data['created_by_id'] = self.context['request'].user
validated_data['created_by_username'] = self.context['request'].user.username
newlist = List.objects.create(**validated_data)
for item_data in items_data:
Item.objects.create(list=newlist, **item_data)
return newlist
I wrote an extension to DRF's serializer below
from rest_framework import serializers
class AuditorBaseSerializer(serializers.Serializer):
created_by = serializers.StringRelatedField(default=serializers.CurrentUserDefault(), read_only=True)
updated_by = serializers.StringRelatedField(default=serializers.CurrentUserDefault(), read_only=True)
def save(self, **kwargs):
# if creating record.
if self.instance is None:
kwargs["created_by"] = self.fields["created_by"].get_default()
kwargs["updated_by"] = self.fields["updated_by"].get_default()
return super().save(**kwargs)
and it can be used as follows
class YourSerializer(serializers.ModelSerializer, AuditorBaseSerializer):
class Meta:
model = SelfEmployedBusiness
fields = (
'created_by',
'updated_by',
)
Related
I am Designing a Model
class Timer(models.Model):
total_time = models.FloatField(default=5)
date_time = models.DateTimeField(auto_now_add=True)
class WatchTiming(models.Model):
user = models.OneToOneField("authentication.User", on_delete=models.CASCADE, primary_key=True)
current_timer = models.ForeignKey(Timer, on_delete=models.CASCADE, related_name="current_timer")
previous_timers = models.ForeignKey(Timer, on_delete=models.CASCADE, related_name="previous_timers")
and serializer for this model is
from rest_framework import serializers
from .models import Timer, WatchTiming
class TimerSerializer(serializers.ModelSerializer):
class Meta:
model = Timer
exclude = ("id",)
class WatchTimingSerializer(serializers.ModelSerializer):
current_timer = TimerSerializer(required=False)
previous_timers = TimerSerializer(many=True, read_only=True)
user = serializers.PrimaryKeyRelatedField(read_only=True)
class Meta:
model = WatchTiming
fields = "__all__"
def create(self, validated_data):
watch_timing = WatchTiming.objects.create(user=self.context["request"].user, current_timer=Timer.objects.create())
return watch_timing
WatchTiming is a table that is used to store user watch time
current_timer stores today's timer
when the day expires current_timer values are added in the previous_timer and the current_timer value is replaced with the default
Now My issue is how can I create one to many relationships, I already have written relationships but its not working
I have been stuck on this for 4 consecutive days.
You can use a subserializer, just like you did with your TimerSerializers:
from rest_framework import serializers
from .models import Timer, WatchTiming
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User # authentication.User
fields = (
'id',
'username',
)
class WatchTimingSerializer(serializers.ModelSerializer):
current_timer = TimerSerializer(required=False)
previous_timers = TimerSerializer(read_only=True)
user = serializers.UserSerializer(read_only=True)
class Meta:
model = WatchTiming
fields = '__all__'
def create(self, validated_data):
return WatchTiming.objects.create(
user=self.context['request'].user,
current_timer=Timer.objects.create(),
)
Note: It is normally better to make use of the settings.AUTH_USER_MODEL [Django-doc] to refer to the user model, than to use the User model [Django-doc] directly. For more information you can see the referencing the User model section of the documentation.
Note: The related_name=… parameter [Django-doc]
is the name of the relation in reverse, so from the Timer model to the WatchTiming
model in this case. Therefore it (often) makes not much sense to name it the
same as the forward relation. You thus might want to consider renaming the current_timer relation to watch_timings.
By using SerializerMethodField you can create one to many relationships.
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = "__all__"
class WatchTimingSerializer(serializers.ModelSerializer):
current_timer = TimerSerializer(required=False)
previous_timers = TimerSerializer(many=True, read_only=True)
user = serializers.SerializerMethodField(read_only=True)
class Meta:
model = WatchTiming
fields = "__all__"
def get_user(self, obj):
data = User.objects.filter(id=obj.id)
return UserSerializer(data, many=True).data
I would like to add permissions to ModelViewSet and restrict the current user ("Waiter") role from create and delete categories but dont know how to work with the mixins. Could you help?
Here is the view:
class CategoriesFilter(filters.FilterSet):
class Meta:
model = Categories
fields = (
'name', 'description', 'created_by__id', 'updated_by__id', 'parant__id')
class CategoriesModelViewSet(ModelViewSet):
queryset = Categories.objects.all()
serializer_class = CategoriesModelSerializer
pagination_class = LimitOffsetPagination # ?offset=0&limit=2 <= add this to the url field to test you pagination
filter_backends = (DjangoFilterBackend, OrderingFilter)
filter_class = CategoriesFilter
ordering_fields = ('name', 'parant__id')
def get_permissions(self):
if self.action in ['update', 'partial_update', 'list']:
self.permission_classes = [permissions.IsWaiter,]
return super(self.__class__, self).get_permissions()
You can follow examples on the doc here:
Write you own permission and bind to permissions classes.
This would be something like:
class CustomPerm(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
is_allowed = request.user.user_permissions.filter(yourpermquery)
# or
is_allowed = request.user.groups.filter(name='yourrole')
return is_allowed
I am trying to pass a django model object to a field in a serializer that is for a foreign key field in the model. However, I get the error: "Object of type AuthorUser is not JSON serializable."
Here is the model the serializer is for:
class Article(models.Model):
title = models.CharField(max_length=200, unique=True)
author = models.ForeignKey(AuthorUser, on_delete=models.CASCADE)
body = models.TextField()
posted=models.BooleanField(default=False)
edited = models.BooleanField(default=False)
ready_for_edit = models.BooleanField(default=False)
Here is the serializer (author is the field specifically that is giving me trouble):
class CreateArticleSerializer(serializers.ModelSerializer):
class Meta:
model = Article
fields = ['title', 'body', 'author']
And here is the view that has the code that causes the error (the POST method is the part that causes the error):
#api_view(['GET', 'POST'])
def articles(request):
if request.method == 'GET':
articles = Article.objects.all()
serializer = CreateArticleSerializer(articles, many=True)
return Response(serializer.data)
if request.method == 'POST':
if request.user.is_authenticated:
author = AuthorUser.objects.get(id=request.data['author'])
request.data['author'] = author
print(request.data)
serializer = CreateArticleSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
else:
return HttpResponse(status=401)
Any help is appreciated! Just to let you know, when creating these articles using an id, it works, however, it creates a new field in Article called author_id. Then when I try to access author it gives me author_id so that doesn't work.
You need to change your serializer as follows:
class CreateArticleSerializer(serializers.ModelSerializer):
author = serializers.SlugRelatedField(queryset=AuthorUser.objects.all(),
slug_field='id')
class Meta:
model = Article
fields = ['title', 'body', 'author']
Now if you will pass id in your view while calling serializer it will create the object of model. Hope this will work for you.
I have 3 models. User, process, processmapping. process model has a created_by filed which is a foreign key to user model. processmapping model has processname filed which is a foreign key to process table.
My code is as follows.
models.py
class process(models.Model):
created_by = models.ForeignKey(User, on_delete=models.CASCADE, db_column= "username")
process_name = models.CharField(max_length=200)
....
class processmap(models.Model):
process = models.ForeignKey(process, on_delete=models.CASCADE, db_column="process_name")
....
views.py
class processViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated,)
queryset= process.objects.all()
serializer_class = processSerializer
filter_backends = (DjangoFilterBackend,filters.SearchFilter)
filter_fields = ('created_by', 'process_name',)
def get_queryset(self):
if self.request.user.is_superuser:
return self.queryset
else:
queryset = self.queryset
query_set = queryset.filter(created_by=self.request.user)
return query_set
class processmapViewset(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated,)
try:
queryset= processmap.objects.all()
serializer_class = processmapSerializer
filter_backends = (DjangoFilterBackend,filters.SearchFilter)
filter_fields = ('process', 'service', 'sequence','process__created_by')
Serializers.py
class processSerializer(serializers.HyperlinkedModelSerializer):
#created_by = UserSerializer(many=True)
class Meta:
model = process
fields = ("__all__")
def perform_create(self, serializer):
serializer.save(user=self.request.user)
class processmapSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = processmap
fields = ("__all__")
def perform_create(self, serializer):
serializer.save(user=self.request.user)
When a user creates a process and then goes to mapping the process, the foreign key lists all the processes that are present in the process table. Instead, I need to list down only the processes that are created by the user logged in. How can I achieve this.
Note: I have searched for the same and most answers involve forms. Please note I'm not using any forms and I want that logic to be implemented in the views.py.
Thanks in advance :)
I don't know how to define a url to my external database (a couch database) in the Resource. I have this:
class UserResource(Resource):
username=fields.CharField(attribute='username')
firstName=fields.CharField(attribute='firstName')
lastName=fields.CharField(attribute='lastName')
gender=fields.CharField(attribute='gender')
status=fields.IntegerField(attribute='status')
date=fields.DateTimeField(attribute='date')
class Meta:
object_class = ??
resource_name = 'users/list'
always_return_data = True
authorization= Authorization()
def get_object_list(self, request):
...
return results
def obj_get_list(self, request=None, **kwargs):
# Filtering disabled for brevity...
return self.get_object_list(request)
class UserResource(ModeslResource)
class Meta:
queryset = UserModel.objects.all().using('dbname')