When the book owner is authenticated it's ok, but if the book owner is not authenticated this error appears ValueError: Cannot assign "<django.contrib.auth.models.AnonymousUser object at 0x000002677F18EE00>": "Book.owner" must be an instance of " CustomUser".. I think this problem is caused by HyperlinkedModelSerializer. The owner of the book is specified in the perform_create() method, which is taken from self.request.user. I want authenticated users or non-authenticated users to be able to create books.
models.py
class Book(models.Model):
owner = models.ForeignKey(
settings.AUTH_USER_MODEL,
blank=True,
null=True, # allow Anonymous user
on_delete=models.CASCADE,
related_name="books",
)
title = models.TextField()
serializers.py
class BookSerializer(serializers.HyperlinkedModelSerializer):
owner_username = serializers.ReadOnlyField(source="owner.username")
class Meta:
model = Book
fields = (
"url",
"owner",
"owner_username",
"title",
)
read_only_fields = ("owner",)
views.py
class BookViewSet(viewsets.ModelViewSet):
serializer_class = BookSerializer
queryset = Book.objects.all()
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
I need your help to fix this problem.
AnonymousUser is a different model, instead of using that, you can check request.user.is_authenticated and if it's False, set owner=None
Here's an example:
class BookViewSet(viewsets.ModelViewSet):
serializer_class = BookSerializer
queryset = Book.objects.all()
def perform_create(self, serializer):
user = self.request.user if self.request.user.is_authenticated else None
serializer.save(owner=user)
Related
The Viewset def list looks like this:
class ThreeDimensionalModelViewSet(viewsets.ViewSet):
serializer_class = ThreeDimensionalModelSerializer
queryset = ThreeDimensionalModel.objects.all()
permission_classes = [permissions.IsAuthenticatedOrReadOnly]
def list(self, request):
models = ThreeDimensionalModel.objects.all()
serializer = ThreeDimensionalModelSerializer(models, many=True)
print(request.user.id)
return Response(serializer.data)
The serializer looks like this:
class ThreeDimensionalModelSerializer(serializers.ModelSerializer):
class Meta:
model = ThreeDimensionalModel
fields = ['File', 'Uploaded', 'Owner', 'Previous', 'SharedWithUser']
read_only_fields = ['Owner']
The model looks like this:
class ThreeDimensionalModel(models.Model):
File = models.FileField(upload_to='models')
Owner = models.ForeignKey('auth.User', on_delete=models.SET_NULL, null=True, related_name='Owner')
Uploaded = models.DateTimeField(auto_now_add=True)
Previous = models.ForeignKey("self", on_delete=models.SET_NULL, default=None, null=True)
SharedWithUser = models.ForeignKey(User, on_delete=models.SET_NULL, null=True, related_name='SharedWithUser')
When a user requests models at /api/models it should only show the models that are the same owner Id as his.
If no additional data is sent with that request then obviously you can't filter by user.
The straightforward way to do it is that for logged in users the cookie will contain user information such as userId.
When your endpoint recognizes the user who made the requested is logged in, it will use that as the filter for the query instead of all() as seen in the Django docs
https://docs.djangoproject.com/en/3.2/topics/db/queries/#retrieving-specific-objects-with-filters
To summarize - if the user is not logged in (or supplies the information as part of the request in some way) then the request is anonymous and there is no way to know who made it
So I'm trying to achieve the general "Like" functionality in a social media website using Django and REST Framework, and a frontend in React.
Using a Post model to save all the posts, and I have a Many-to-Many field for storing the likes and created a through model as follows:
class PostLike(models.Model):
user = models.ForeignKey(AppUser, on_delete=models.CASCADE)
post = models.ForeignKey("Post", on_delete=models.CASCADE)
timestamp = models.DateTimeField(auto_now_add=True)
class Post(models.Model):
user = models.ForeignKey(AppUser, on_delete=models.CASCADE)
caption = models.TextField()
created_at = models.DateTimeField(auto_now_add=True)
edited_at = models.DateTimeField(auto_now=True)
likes = models.ManyToManyField(
AppUser, related_name="post_user", blank=True, through=PostLike
)
(AppUser is a custom auth model used)
Similarly, I have created serializers and viewsets for the above models:
class PostSerializer(serializers.ModelSerializer):
class Meta:
model = Post
fields = "__all__"
class PostLikeSerializer(serializers.ModelSerializer):
class Meta:
model = PostLike
fields = "__all__"
class PostViewSet(viewsets.ModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
class PostLikeViewSet(viewsets.ModelViewSet):
queryset = PostLike.objects.all()
serializer_class = PostLikeSerializer
My question is, how do I "like" or remove an existing "like" from a post using API calls?
One method I know is to just make a POST request to the PostLike endpoint using the user PK and the post PK to create a PostLike instance, but I don't know a way to "remove" a like using the same method.
Please help!
you can use APIView instead of ViewSet like this:
from rest_framework import views
class PostLikeApiView(views.APIView):
serializer = PostLikeSerializer(data=request.data)
if serializer.is_valid():
user = serializer.data['user']
post = serializer.data['post']
post_like_obj = PostLike.objects.filter(user=user, post=post)
if post_like_obj.exists():
post_like_obj.delete()
result = 'unliked'
else:
PostLike.objects.create(user=user, post=post)
result = 'liked'
return Response(
{
'result': result,
},
status=status.HTTP_200_OK
)
else:
return Response(
serializer.errors,
status=status.HTTP_400_BAD_REQUEST
)
I have 2 models, Todo and a Tag. Todo has a ManyToMany relationship with Tag. When adding new Todos from the Browsable API, I want to be able to see only the Tags added by the current user as the available options in the multiselect. Currently, it shows all the added Tags, irrespective of who added them. I want to limit the options to only show the Tags added by the current user. (Authentication is setup already)
The models:
class Todo(models.Model):
title = models.CharField(max_length=100)
description = models.TextField(blank=True)
created_at = models.DateTimeField(auto_now_add=True)
due_at = models.DateTimeField(blank=True)
updated_at = models.DateTimeField(auto_now=True)
tags = models.ManyToManyField(Tag, related_name='todos')
creator = models.ForeignKey(User, on_delete=models.CASCADE, related_name='todos')
class Tag(models.Model):
name = models.CharField(max_length=20)
creator = models.ForeignKey(User, on_delete=models.CASCADE, related_name='created_tags')
def __str__(self):
return self.name
The Serializer:
class TodoCreateSerializer(serializers.ModelSerializer): #This is the one being used for a POST
class Meta:
model = models.Todo
fields = ('title', 'description', 'due_at', 'tags')
Is there some serializer field or some other way to specify which queryset to use in the Serializer? Is there another better approach?
In your TodoCreateSerializer you need to add PrimaryKeyRelatedField with a custom queryset that has the filtered tags of a user.
First, you will need to create a custom PrimaryKeyRelatedField that filter any objects to get only those who owned by the user.
class UserFilteredPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
def get_queryset(self):
request = self.context.get('request', None)
queryset = super(UserFilteredPrimaryKeyRelatedField, self).get_queryset()
if not request or not queryset:
return None
return queryset.filter(user=request.user)
(This is a generic one and can be used when filtering in objects by user)
Then you should use this one in you TodoCreateSerializer:
class TodoCreateSerializer(serializers.ModelSerializer):
tags = UserFilteredPrimaryKeyRelatedField(queryset= Tag.objects, many=True)
class Meta:
model = models.Todo
fields = ('title', 'description', 'due_at', 'tags')
All my models on the database should be filtered by user, always. I created for all my models a field owner which I get the user from the request and fill it in when I'm creating the models.
When I go to all urls they are filtered correctly, as well as when I create them onto the database.
But the problem is when I use the html interface to insert a model on the database, all the related items (it doesn't matter the user) are listed on the foreign key field.
My view
class TransactionList(generics.ListCreateAPIView):
serializer_class = TransactionSerializer
permission_classes = (permissions.IsAuthenticated,)
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
def get_queryset(self):
return Transaction.objects.filter(owner=self.request.user)
My serializer
class TransactionSerializer(serializers.ModelSerializer):
class Meta:
model = Transaction
fields = ('id', 'date', 'description',
'value', 'account', 'envelope', 'bill',)
My model
class Transaction(models.Model):
date = models.DateField(auto_now=True)
description = models.CharField(max_length=100)
value = models.DecimalField(max_digits=10, decimal_places=2)
account = models.ForeignKey(Account, on_delete=models.DO_NOTHING)
envelope = models.ForeignKey(Envelope, on_delete=models.DO_NOTHING, null=True)
bill = models.ForeignKey(Bill, on_delete=models.DO_NOTHING, null=True)
owner = models.ForeignKey('auth.User', related_name='transactions')
For example, with those items when I open the page for inserting the data, all the other accounts (which are restricted for user, too) appear on the combo.
How do I filter related fields for the HTML forms?
And how do I validate if related objects are not from other user?
I cant find a way to auto-populate the field owner of my model.I am using the DRF .If i use ForeignKey the user can choose the owner from a drop down box , but there is no point in that.PLZ HELP i cant make it work.The views.py is not include cause i think there is nothing to do with it.
models.py
class Note(models.Model):
title = models.CharField(max_length=200)
body = models.TextField()
cr_date = models.DateTimeField(auto_now_add=True)
owner = models.CharField(max_length=100)
# also tried:
# owner = models.ForeignKey(User, related_name='entries')
class Meta:
ordering = ('-cr_date',)
def __unicode__(self):
return self.title
serializers.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', "username", 'first_name', 'last_name', )
class NoteSerializer(serializers.ModelSerializer):
owner = request.user.id <--- wrong , but is what a need.
# also tried :
# owner = UserSerializer(required=True)
class Meta:
model = Note
fields = ('title', 'body' )
Django Rest Framework provides a pre_save() method (in generic views & mixins) which you can override.
class NoteSerializer(serializers.ModelSerializer):
owner = serializers.Field(source='owner.username') # Make sure owner is associated with the User model in your models.py
Then something like this in your view class:
def pre_save(self, obj):
obj.owner = self.request.user
REFERENCES
http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions#associating-snippets-with-users
https://github.com/tomchristie/django-rest-framework/issues/409#issuecomment-10428031