RTa*_*Tan 5 python django rest
我正在使用django 1.9.5和rest框架3.x(DRF)。我刚从django rest官方框架学习了教程,可以说它是从DRF开始的,我已经写了以下视图,URL以查看api的工作原理使用DRF,
意见
class DepartMentList(APIView):
"""
List of all departments or create a department
"""
def get(self, request, format=None):
departments = Department.objects.all()
serializer = DepartmentSerializer(departments)
return Response(serializer.data)
def post(self, request, format=None):
serializer = DepartmentSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data,status=status.HTTP_201_CREATED)
return Response(serializer._errors, status=status.HTTP_400_BAD_REQUEST)
网址
from django.conf.urls import url
from rest_framework.urlpatterns import format_suffix_patterns
from organizations import views
urlpatterns = [
url(r'^departments/$', views.DepartMentList.as_view()),
]
urlpatterns = format_suffix_patterns(urlpatterns)
这是setting.py,我rest framework为DEFAULT_PERMISSION_CLASSES 添加了以下字典
REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
]
}
现在,当我运行endpoint的部门看部门的名单,然后我得到这个下面的错误,
'Cannot apply DjangoModelPermissions on a view that '
AssertionError: Cannot apply DjangoModelPermissions on a view that does not set `.queryset` or have a `.get_queryset()` method.
究竟是什么导致错误?我已经调查过,但无法解决。
更新
class DepartMentDetail(APIView):
"""
Retrieve, update or delete a department instance.
"""
def get_object(self, pk):
try:
return Department.objects.get(pk=pk)
except Department.DoesNotExist:
raise Http404
def get(self,request,pk,format=None):
department = self.get_object(pk)
serializer = DepartmentSerializer(department)
return Response(serializer.data)
def put(self,request,pk,format=None):
department = self.get_object(pk)
serializer = DepartmentSerializer(department,data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, pk, format=None):
department = self.get_object(pk)
department.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
DjangoRestFramework要求您在视图上设置queryset类参数或实现get_queryset方法。应用权限等级时会进行检查。因为DjangoModelPermissionsOrAnonReadOnly具有has_permission如下所示的方法,并且此方法检查您的视图是否具有queryset变量或get_queryset方法。
def has_permission(self, request, view):
# Workaround to ensure DjangoModelPermissions are not applied
# to the root view when using DefaultRouter.
if getattr(view, '_ignore_model_permissions', False):
return True
if hasattr(view, 'get_queryset'):
queryset = view.get_queryset()
else:
queryset = getattr(view, 'queryset', None)
assert queryset is not None, (
'Cannot apply DjangoModelPermissions on a view that '
'does not set `.queryset` or have a `.get_queryset()` method.'
)
perms = self.get_required_permissions(request.method, queryset.model)
return (
request.user and
(request.user.is_authenticated() or not self.authenticated_users_only) and
request.user.has_perms(perms)
)
正如你看到的has_permission方法使得assert对queryset可变您的看法应该是这样的
class DepartMentList(APIView):
"""
List of all departments or create a department
"""
queryset = Department.objects.all()
def get(self, request, format=None):
serializer = DepartmentSerializer(self.queryset)
return Response(serializer.data)
def post(self, request, format=None):
serializer = DepartmentSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data,status=status.HTTP_201_CREATED)
return Response(serializer._errors, status=status.HTTP_400_BAD_REQUEST)
PS使用http://www.django-rest-framework.org/api-guide/generic-views/它更干净))
| 归档时间: |
|
| 查看次数: |
4266 次 |
| 最近记录: |