best way to add additional fields to django-rest-f

2019-04-23 16:05发布

站内问答 / Python
1000 3 5

I have a Book model with a foreign key to user (the owner of the book):

class Book(models.Model):
    owner = models.ForiegnKey(User)
    ...

I've created a ModelViewSet for Book which shows the books owned by the logged in user:

class BookViewSet(viewsets.ModelViewSet):
    model = Book
    serializer_class = BookSerializer
    def get_queryset(self):
        return Book.objects.filter(owner=self.request.user)

Now to create a new book, I want to save user field with request.user, not with data sent from the rest client (for more security). for example:

def create(self, request, *args, **kwargs):
    request.DATA['user'] = request.user
    ... (some code to create new Book from request.DATA using serialize class)

but I got this error: This QueryDict instance is immutable. (means request.DATA is a immutable QueryDict and can't be changed)

Do you know any better way to add additional fields when creating an object with django rest framework?

3条回答
聊天终结者
2楼-- · 2019-04-23 16:18

Update: Since v3 you need to do this:

def perform_create(self, serializer):
    serializer.save(owner=self.request.user)

The principle remains the same.

You want to make the owner field of your book serializer read-only and then set the association with the user in pre_save().

Something like: 

def pre_save(self, obj):
    obj.owner = self.request.user

See the tutorial section on "Associating Snippets with Users".

I hope that helps.

查看更多
0人赞 添加讨论(0) 举报
迷人小祖宗
3楼-- · 2019-04-23 16:18

If you're using ModelSerializer it's as easy as implementing the restore_object() method:

class MySerializer(serializers.ModelSerializer):

    def restore_object(self, attrs, instance=None):

        create = not instance
        instance = super(MySerializer, self).restore_object(attrs, instance)

        if create:
            instance.user = self.context['request'].user

        return instance

    # ...

restore_object() is used to deserialize a dictionary of attributes into an object instance. ModelSerializer implements this method and creates/updates the instance for the model you specified in the Meta class. If the given instance is None it means the object still has to be created. In this case you just set the user field with the desired value.

More information: http://www.django-rest-framework.org/api-guide/serializers#declaring-serializers

查看更多
0人赞 添加讨论(0) 举报
爱情/是我丢掉的垃圾
4楼-- · 2019-04-23 16:26

For what it's worth this has changed in Django REST Framework 3. There is now a perform_create() that replaces the older pre_save() and post_save() hooks suggested in a previous answer. For example:

from rest_framework import viewsets

class MyViewSet(viewsets.ModelViewSet):
    queryset = MyModel.objects.all()
    serializer_class = MyModelSerializer

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)

Hope this saves someone some time.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)