The route is shown below and I can confirm the request is hitting the route, however, the model parameter is the currently saved model, when I'd expect it to be the model with updated properties.
#Page.method(request_fields=('id',),
path='page/{id}', http_method='PUT', name='page.udpate')
def PageUpdate(self, model):
if not model.from_datastore:
raise endpoints.NotFoundException('MyModel not found.')
model.put()
return model
The request_fields field specifies what comes in the request, so you'll want to include a lot more. The _message_fields_schema property (discussed in simple_get example) is best to use.
class Page(EndpointsModel):
_message_fields_schema = ('id', ... other properties)
and then just let the default be used:
#Page.method(path='page/{id}', http_method='PUT', name='page.update')
def PageUpdate(self, page):
if not page.from_datastore:
raise endpoints.NotFoundException('Page not found.')
page.put()
return page
NOTE: I also changed the spelling of 'page.udpate' and the text in the error message.
Related
In Django you can add a clean method to a form to validate fields that depend on each other:
def clean_recipients(self):
data = self.cleaned_data['recipients']
if "fred#example.com" not in data:
raise ValidationError("You have forgotten about Fred!")
# Always return a value to use as the new cleaned data, even if
# this method didn't change it.
return data
How can I add a custom form with a clean method to Wagtail ModelAdmin?
Wagtail has the panels concept and dynamically builds the form. I can't find anything about overriding the form. There is information about customising the create and update views. Custom views seem a bit cumbersome.
I got an answer via the Wagtail Slack form #CynthiaKiser.
The base_form_class lets you set a WagtailAdminModelForm on the model.
from wagtail.admin.forms import WagtailAdminModelForm
class Foo(models.Model):
...
base_form_class = FooForm
class FooForm(WagtailAdminModelForm): # For pages use WagtailAdminPageForm
def clean(self):
data = self.cleaned_data['recipients']
if "fred#example.com" not in data:
raise ValidationError("You have forgotten about Fred!")
return data
All of the CRUD forms you encounter in Wagtail are just Django ModelForm instances underneath, so these Django docs are relevant (thanks #ababic)
An alternative to base_form_class is to specify a clean method on the model. It will be called by any form.
from django.core.exceptions import ValidationError
class Foo(models.Model):
...
def clean(self):
if "fred#example.com" not in self.recipients:
raise ValidationError(
{'recipients': _("You have forgotten about Fred!")}
)
I am using Django Rest Framework for a project and I have a nested serializer like this:
class TopSerializer(serializers.ModelSerializer):
contact = (something goes here)
email = (something goes here)
For POST, PATCH, PUT, DELETE I want to specify these values with a slug. Suppose each class (Contact, Email) has a member called resource_id and that is my slug. For these methods I could use:
class TopSerializer(serializers.ModelSerializer):
contact = serializers.SlugRelatedField(read_only=False, slug_field='resource_id')
email = serializers.SlugRelatedField(read_only=False, slug_field='resource_id')
However, for GET I want to return the embedded objects too, so I could use:
class TopSerializer(serializers.ModelSerializer):
contact = ContactSerializer(read_only=True)
email = EmailSerializers(read_only=True)
So how do I specify in my serializer that contact can be either a slug or a serialized object? Is there a way to do this with just one serializer or must I have two different serializers and use the request.method in the view to select which serializer I use?
Or, should I use something like this:
class TopSerializer(serializers.ModelSerializer):
contact = ContactSerializer(read_only=True)
email = EmailSerializers(read_only=True)
contact_rid = serializers.SlugRelatedField(read_only=False,slug_field=resource_id,queryset=models.Contact.objects.all())
email_rid = serializers.SlugRelatedField(read_only=False,slug_field=resource_id,queryset=models.Email.objects.all())
This way I can use contact_rid and email_rid for POST/PATCH/PUT/DELETE and get contact and email fields back in GET.
Am I on the right track? Other suggestions?
Check out custom fields https://www.django-rest-framework.org/api-guide/fields/#custom-fields
You could define a custom serializer fields that overrides serializers.Field and overrride to_representation to return the fully serialized object and to_internal_value to mimic the behavior of a slugRelatedField.
You are on the right track!
Use one related field for write and another to read the full object is a good approach if you need more details for related objects.
You can also add to the slug field the flag write_only=True if you want the field is used only for write. However, checking this option will not hint selected objects when you are under an update route in Browseable API
Check this anwser
I have a Django app where users submit orders for payment. Clearly, security is important. I want to minimise the amount of code that I have to write, to avoid introducing any security holes, and ease maintenance.
The model is simple:
class Order(models.Model):
user = models.ForeignKey(User)
created = models.DateTimeField()
paid = models.DateTimeField(null=True, blank=True)
items = models.ManyToManyField(Item)
I'm using a CreateView to create instances of Order:
class OrderView(CreateView):
model = Order
form_class = OrderForm
I want to enforce values for certain fields in those instances. For example, I want the instance user field set to the current logged-in user. I don't want any possibility that the user can change the value of this field, so I don't want it to appear in the form at all. Therefore I use a custom ModelForm to remove these fields from the form:
class OrderForm(forms.ModelForm):
class Meta:
model = Order
# For security, we control exactly which fields are placed
# in the form, rather than excluding some:
fields = ('items',)
Now I want the newly created Order instances to have the user field set to the current logged-in user. I can't find any documentation about what is the best way to do this.
(A) I can override the form's save() method to modify the object before saving, but it feels like this code doesn't belong in the form, which doesn't know anything about the user field. I also don't have access to the request here, which I'd need to determine the current user. But it might look like this:
class OrderForm(forms.ModelForm):
def save(self, commit=True):
instance = super(OrderForm, self).save(commit=False)
instance.user = get_request_magic().user
if commit:
instance.save()
return instance
(B) I can override the view's form_valid method to save the object with commit=False, like a class-based version of this question. But I can't call the superclass method directly, because it saves the object with no way to disable commit, so I have to manually skip a generation of form_valid which is nasty. Apart from that complaint, this does look like the best way I've found so far:
class OrderView(CreateView):
def form_valid(self, form):
self.object = form.save(commit=False)
self.object.user = self.request.user
self.object.save()
return super(ModelFormMixin, self).form_valid(form)
(C) I could write a replacement for CreateView that adds a hook to allow objects to be changed before saving them. But that feels like more boilerplate and duplication.
(D) I can't provide an initial value, because there's no form field to put it in, so it will be ignored.
Any other ideas? If (B) the best option, is there any way around the hacky way of manually specifying which superclass' form_valid method I want to call?
Django user Charettes answered the question for me:
You can achieve this by overriding form_valid:
class OrderCreateViewMixin(CreateView):
def form_valid(self, form):
form.instance.user = request.user
return super(OrderCreateViewMixin, self).form_valid(form)
Which pointed me towards the right part of the documentation:
class AuthorCreate(CreateView):
form_class = AuthorForm
model = Author
def form_valid(self, form):
form.instance.created_by = self.request.user
return super(AuthorCreate, self).form_valid(form)
This is definitely the simplest and cleanest answer I've found so far. It doesn't require modifying the form in any way, although it does directly access its instance member which is a bit ugly. However, at least it's officially documented, so it's unlikely to break.
There are probably multiple approaches to this. I would do this:
Create a constructor in your form which takes the request:
def __init__(self, *args, **kwargs):
request = kwargs.pop('request', None)
super(OrderForm, self).__init__(*args, **kwargs)
self.request = request
When creating your form for POST processing, instantiate it as follows:
form = OrderForm(data=request.POST, request=request)
Now, in your save() method, you have access to the user on the request by referencing self.request.user and can set it accordingly on your model.
The way I've gone about handling this situation with CBVs, is to pass in an unsaved instance of the model to the form. This is how I've done it:
class OrderView(CreateView):
def get_form_kwargs(self):
self.object = Order(user=self.request.user)
return super(OrderView, self).get_form_kwargs()
Both CreateView and UpdateView will add instance to the form kwargs, setting it to the value of self.object.
The only other way, besides what you've already mentioned, is to construct your view class from the same elements that CreateView does, and then change the get and post methods to populate self.object there. I've done that when I have needed a lot of create views in my project:
class OrderView(SingleObjectTemplateResponseMixin, ModelFormMixin, ProcessFormView):
template_name_suffix = '_form'
def get(self, request, *args, **kwargs):
self.object = Order(user=request.user)
return super(OrderView, self).get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
self.object = Order(user=request.user)
return super(OrderView, self).post(request, *args, **kwargs)
Here is a more generalized version to be reused: https://gist.github.com/4439975
In my Google App Engine app I have model objects that need to be stored. These objects are parameterized by various policy objects. For example, my Event class has a Privacy policy object which determines who can see, update, etc. There are various subclasses of PrivacyPolicy that behave differently. The Event consults its PrivacyPolicy object at various points.
class PrivacyPolicy(db.Model):
def can_see(self, event, user):
pass
class OwnerOnlyPolicy(PrivacyPolicy):
def can_see(self, event, user):
return user == event.owner
class GroupOnlyPolicy(PrivacyPolicy):
def can_see(self, event, user):
for grp in event.owner.groups()
if grp.is_member(user):
return True
return False
class OnlyCertainUsersPolicy(PrivacyPolicy):
def __init__(self, others):
self.others = others
def can_see(self, event, user):
return user in others
I could make my Event class use a ReferenceProperty to the PrivacyPolicy:
class Event(db.Model):
privacy: db.ReferenceProperty(PrivacyPolicy)
#…
The reason I don’t like this is that the one-to-one relationship means that nobody every queries for the policy object, there is no need to maintain the back-reference from the policy to its Event object, and in no other way is PrivacyPolicy an independent db-level object. It is functionally equivalent to an IntegerProperty, in that it is part of the Event object’s state, it’s just an object instead of a number — specifically it’s an object that can have zero state or lots of state, unknown to the Event type.
I can’t find anyone talking about how to approach such a situation. Is there a tool/approach I don’t know about? Do I just suck it up and use a reference property and the hell with the overhead?
If the only other way to handle this is a custom Property type, any advice about how to approach it would be welcome. My first thought is to use a TextProperty to store the string rep of the policy object (policy), decode it when needed, caching the result, and having any change to the policy object invalidate the cache and update the string rep.
You're overcomplicating by trying to store this in the datastore. This belongs in code rather than in the datastore.
The least complicated way would be:
class Event(db.Model):
privacy = db.IntegerProperty()
def can_see(self, user):
if self.privacy == PRIVACY_OWNER_ONLY:
return user == event.owner
else if self.privacy == PRIVACY_GROUP:
for grp in self.owner.groups()
if grp.is_member(user):
return True
return False
Sometimes all it takes is to think of the right approach. The solution is to introduce a new kind of property that uses pickle to store and retrieve values, such as that described in https://groups.google.com/forum/?fromgroups#!topic/google-appengine/bwMD0ZfRnJg
I wanted something slightly more sophisticated, because pickle isn’t always the answer, and anyway documentation is nice, so here is my ObjectReference type:
import pickle
from google.appengine.ext import db
class ObjectProperty(db.Property):
def __init__(self, object_type=None, verbose_name=None, to_store=pickle.dumps, from_store=pickle.loads, **kwds):
"""Initializes this Property with all the given options
All args are passed to the superclass. The ones used specifically by this class are described here. For
all other args, see base class method documentation for details.
Args:
object_type: If not None, all values assigned to the property must be either instances of this type or None
to_store: A function to use to convert a property value to a storable str representation. The default is
to use pickle.dumps()
from_store: A function to use to convert a storable str representation to a property value. The default is
to use pickle.loads()
"""
if object_type and not isinstance(object_type, type):
raise TypeError('object_type should be a type object')
kwds['indexed'] = False # It never makes sense to index pickled data
super(ObjectProperty, self).__init__(verbose_name, **kwds)
self.to_store = to_store
self.from_store = from_store
self.object_type = object_type
def get_value_for_datastore(self, model_instance):
"""Get value from property to send to datastore.
We retrieve the value of the attribute and return the result of invoking the to_store function on it
See base class method documentation for details.
"""
value = getattr(model_instance, self.name, None)
return self.to_store(value)
def make_value_from_datastore(self, rep):
"""Get value from datastore to assign to the property.
We take the value passed, convert it to str() and return the result of invoking the from_store function
on it. The Property class assigns this returned value to the property.
See base class method documentation for details.
"""
# It passes us a unicode, even though I returned a str, so this is required
rep = str(rep)
return self.from_store(rep)
def validate(self, value):
"""Validate reference.
Returns:
A valid value.
Raises:
BadValueError for the following reasons:
- Object not of correct type.
"""
value = super(ObjectProperty, self).validate(value)
if value is not None and not isinstance(value, self.object_type):
raise db.KindError('Property %s must be of type %s' % (self.name, self.object_type))
return value
I am using classed based views with django 1.3 and am trying to figure out how to create an object without using the form. I do not need any user input to create the object but I am still getting an error message that the template is missing. Below is my current view where I have tried to subclass the form_valid method but its not working. Any help would be appreciated.
class ReviewerCreateView(CreateView):
model = Reviewer
def form_valid(self, form):
self.object = form.save(commit=False)
self.object.user = self.request.user
self.object.role = 2
self.object.save()
return HttpResponseRedirect(self.get_success_url())
A CreateView is a specialized view whose purpose is to display a form on GET and validate the form data and create a new object based on the form data on POST.
Since you don't need to display a form and process the form data, a CreateView is not the tool for your job.
You either need a plain old function-based view, or, if you prefer to use a class-based view, derive from View and override get() or post(). For example, adapting your sample code:
class ReviewerCreator(View):
def get(self, request, *args, **kwargs):
Reviewer(user=request.user, role=2).save()
return HttpResponseRedirect('/your_success_url/')
I don't believe a view needs to do anything explicit with a form if it does not need one.
You can instantiate a Reviewer object. It's just a python object.
class ReviewerCreateView(CreateView):
model = Reviewer
self.object.user = self.request.user
self.object.role = 2
self.object.save()
return HttpResponseRedirect(self.get_success_url())