DRF: Allow all fields in GET request but restrict

2019-04-01 18:26发布

站内问答 / Django
1511 1 5

Let's understand it by example.

Say, I want to create FileUploader API, where it will be storing fields like id, file_path, file_name, size, owner, etc in database. See sample model below:

class FileUploader(models.Model):
    file = models.FileField()
    name = models.CharField(max_length=100) #name is filename without extension
    version = models.IntegerField(default=0)
    upload_date = models.DateTimeField(auto_now=True, db_index=True)
    owner = models.ForeignKey('auth.User', related_name='uploaded_files')
    size = models.IntegerField(default=0)

Now, For APIs this is what I want:

  1. GET: When I fire the GET endpoint, I want all above fields for every uploaded file.

  2. POST: But for user to create/upload file, why she has to worry about passing all these fields. She can just upload the file and then, I suppose, serializer can get rest of the fields from uploaded FILE.

Searilizer: Question: I created below serializer to serve my purpose. But not sure if its the right way to implement it.

class FileUploaderSerializer(serializers.ModelSerializer):
    #overwrite = serializers.BooleanField()
    class Meta:
        model = FileUploader
        fields = ('file','name','version','upload_date', 'size')
        read_only_fields = ('name','version','owner','upload_date', 'size')

    def create(self, validated_data):
        return FileUploader.objects.create(**validated_data)

Viewset for reference:

class FileUploaderViewSet(viewsets.ModelViewSet):
    serializer_class = FileUploaderSerializer
    parser_classes = (MultiPartParser, FormParser,)

    # overriding default query set
    queryset = LayerFile.objects.all()

    def get_queryset(self, *args, **kwargs):
        qs = super(FileUploaderViewSet, self).get_queryset(*args, **kwargs)
        qs = qs.filter(owner=self.request.user)
        return qs

Also, another question is I want user to provide extra parameter called 'overwrite' (if file already exist on server).

I am not sure how to access that in serializer.

1条回答
ら.Afraid
2楼-- · 2019-04-01 19:09

IMHO, multiple serializers are only going to create more and more confusion.

@AaronLelevier - I looked into other stackoverflow solution as you suggested. But finally decided to implement my own clean solution.

I would prefer below solution:

  • Don't change your viewset (leave it default)
  • Add .validate() method in your serializer; along with other required .create or .update() etc. Here, real logic will go in validate() method. Where based on request type we will be creating validated_data dict as required by our serializer.

I think this is the cleanest approach.

Sample code: (modified serializer.py, views.py remain unchanged)

class LayerFileSerializer(serializers.ModelSerializer):

    class Meta:
        model = LayerFile
        fields = ('id', 'file','name','version','upload_date', 'size', 'maps')
        read_only_fields = ('name','version','owner','upload_date', 'size', 'maps')

    def validate(self, validated_data):
        if self.context['request'].method == 'PATCH':
            # catch here: validated_data only contains filed that are valid for serializer
            # for post/update/patch method only valid field is the file
            # but we need 'name' field as well so trick is to get name from the self.context[request].data
            validated_data['name'] = self.context['request'].data.get('name', None)
            if validated_data['name'] is None or validated_data['name'] == '':
                raise serializers.ValidationError("'name' field cannot be empty!")
            return validated_data
        validated_data['owner'] = self.context['request'].user
        validated_data['name'] = os.path.splitext(validated_data['file'].name)[0]
        validated_data['size'] = validated_data['file'].size
        #print self.context['request'].overwrite
        log.debug("serialized layer data: %s" %validated_data)

        try:
            layer_obj = LayerFile.objects.get(owner=validated_data['owner'], name=validated_data['name'])
        except LayerFile.DoesNotExist:
            layer_obj = None

        if layer_obj:
                raise serializers.ValidationError('Layer with same name already exist. Use overwrite flag to overwrite it.')

        return validated_data

    # This will handle rename
    def partial_update(self, instance, validated_data):
        instance.name = validated_data['name']
        return instance

    # this will handle POST - or layer upload
    def create(self, validated_data):
        return LayerFile.objects.create(**validated_data)
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)