我正在尝试通过Django Rest Framework API调用使我的用户模型RESTful,以便我可以创建用户以及更新他们的配置文件.
但是,当我与用户进行特定的验证过程时,我不希望用户在创建帐户后能够更新用户名.我试图使用read_only_fields,但这似乎在POST操作中禁用了该字段,因此在创建用户对象时我无法指定用户名.
我该如何实现呢?现在存在的API的相关代码如下.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'password', 'email')
write_only_fields = ('password',)
def restore_object(self, attrs, instance=None):
user = super(UserSerializer, self).restore_object(attrs, instance)
user.set_password(attrs['password'])
return user
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
谢谢!
我想知道关于Django Rest Framework的最佳实践.通过使用每个用户的不同序列化程序(员工与账户所有者与其他任何人)和HTTP方法,我一直在限制访问更改帐户的某些属性,但我觉得这太不熟悉了.
这是完成分离"权限"以更改对象的不同字段的任务的最佳方法吗?或者是否有一种更好,更pythonic的方式来实现我目前以这种方式做的事情?
以下代码的任何批评都被接受了,因为我觉得我已经削减了一些角落.
非常感谢.
from rest_framework import serializers, viewsets
from rest_framework.permissions import SAFE_METHODS
from accounts.models import User
from cpapi.permissions import *
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('id', 'url', 'username', 'password')
write_only_fields = ('password',)
def restore_object(self, attrs, instance=None):
user = super(UserSerializer, self).restore_object(attrs, instance)
if 'password' in attrs.keys():
user.set_password(attrs['password'])
return user
class UserDetailsSerializer(UserSerializer):
class Meta(UserSerializer.Meta):
fields = ('id', 'url', 'username', 'password', 'email')
class UserListSerializer(UserSerializer):
class Meta(UserSerializer.Meta):
fields = ('id', 'url', 'username')
class UserWithoutNameSerializer(UserSerializer):
class Meta(UserSerializer.Meta):
fields …