I have seen this link, but I didn't find anything related to my question helping it being resolved.
Imagine we have to create a blog, in which posts have two status:
is_draft
published (published == !is_draft)
So, each user should see all of his/her posts, whether it is draft or not. In addition, Other users should see the published posts of rest of the users.
I am using viewsets in django and I know that we should have different queryset based on the current user permissions but I don't know how.
models.py:
from django.db import models
# Create your models here.
from apps.authors.models import Author
class Post(models.Model):
author = models.ForeignKey(
Author,
related_name="posts",
on_delete=models.CASCADE,
)
title = models.TextField(
null=True,
blank=True,
)
content = models.TextField(
null=True,
blank=True,
)
is_draft = models.BooleanField(
default=True
)
views.py:
from django.shortcuts import render
from rest_framework import viewsets, permissions
# Create your views here.
from apps.posts.models import Post
from apps.posts.serializers import PostSerializer
class PostViewSet(viewsets.ModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
def get_permissions(self):
if self.action == "create":
self.permission_classes = [permissions.IsAuthenticated]
elif self.action == "list":
pass #I don't know how can I change this part
return super(PostViewSet, self).get_permissions()
serializers.py:
from rest_framework import serializers
from apps.posts.models import Post
class PostSerializer(serializers.ModelSerializer):
class Meta:
model = Post
fields = '__all__'
Change your queryset like this in your viewset. That way, only your desired posts will be accessed/permitted by the view:
from django.shortcuts import render
from django.db.models import Q
from rest_framework import viewsets, permissions
# Create your views here.
from apps.posts.models import Post
from apps.posts.serializers import PostSerializer
class PostViewSet(viewsets.ModelViewSet):
serializer_class = PostSerializer
def get_permissions(self):
if self.action == "create":
self.permission_classes = [permissions.IsAuthenticated]
return super(PostViewSet, self).get_permissions()
def get_queryset(self, *args, **kwargs):
current_user = self.request.user
current_author = Author.objects.get(user=current_user) #assuming your author class has foreign key to user
return Post.objects.filter(Q(author=current_author) | Q(is_draft=False))
Related
I'm trying to follow a tutorial from the book 'Django for APIs', this tutorial consists on doing a blog project API with django rest framework.
I cant get to work the UserDetail view at url: 'http://127.0.0.1:8000/api/v1/users/int:pk/'
it raises the following error ,although queryset is defined in the UserDetail class in views.py:
AssertionError at /api/v1/users/1/
'UserDetail' should either include a queryset attribute, or override the get_queryset() method.
here is the code:
urls.py
views.py
serializers.py
models.py
urls.py:
from django.urls import path
from .views import UserList, UserDetail, PostList, PostDetail
urlpatterns = [
path('users/',UserList.as_view()),
path('users/<int:pk>/', UserDetail.as_view()),
path('',PostList.as_view()),
path('<int:pk>/', PostDetail.as_view()),
]
views.py:
from django.contrib.auth import get_user_model
from rest_framework import generics
from .models import Post
from .permissions import IsAuthorOrReadOnly
from .serializers import PostSerializer, UserSerializer
# Create your views here.
class PostList(generics.ListCreateAPIView):
queryset = Post.objects.all()
serializer_class = PostSerializer
class PostDetail(generics.RetrieveUpdateDestroyAPIView):
permission_classes = (IsAuthorOrReadOnly,)
queryset = Post.objects.all()
serializer_class = PostSerializer
class UserList(generics.ListCreateAPIView):
queryset = get_user_model().objects.all()
serializer_class = UserSerializer
class UserDetail(generics.RetrieveUpdateDestroyAPIView):
queryset_= get_user_model().objects.all()
serializer_class = UserSerializer
serializers.py:
from django.contrib.auth import get_user_model
from rest_framework import serializers
from .models import Post
class PostSerializer(serializers.ModelSerializer):
class Meta:
fields = ('id','author','title','body','created_at',)
model = Post
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
fields = ('id','username',)
models.py:
from django.db import models
from django.contrib.auth.models import User
# Create your models here.
class Post(models.Model):
author = models.ForeignKey(User,on_delete=models.CASCADE)
title = models.CharField(max_length=50)
body = models.TextField()
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
def __str__(self):
return self.title
Please check your UserDetail, it should queryset not queryset_
class UserDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = get_user_model().objects.all()
I'm building a blog on Django and know i have to make a personal page for see all the posts published by the user we're logged in now.
I'm using some querysets so.
Her my code
my models.py
from django.db import models
from django.conf import settings
from django.utils import timezone
class Post(models.Model):
author = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.CASCADE)
title = models.CharField(max_length=200)
text = models.TextField()
created_date = models.DateTimeField(default=timezone.now)
published_date = models.DateTimeField(blank=True, null=True)
def publish(self):
self.published_date = timezone.now()
self.save()
def __str__(self):
return self.title
Here my forms.py
from django.contrib.auth.forms import UserCreationForm
from django import forms
from django.contrib.auth.models import User
from .models import Post
class CreateUserForm(UserCreationForm):
class Meta:
model = User
fields = ['username','email','password1','password2','user_permissions','is_staff','date_joined']
class PostForm(forms.ModelForm):
class Meta:
model = Post
fields = ['title', 'text', 'author']
And that's the view which is gonna filter the posts in base of the logged user
from django.contrib.auth.models import User
from django.contrib import messages
from django.contrib.auth import authenticate,login,logout
from django.contrib.auth.decorators import login_required
from django.utils import timezone
from .forms import CreateUserForm
from .models import Post
from .forms import PostForm
def user_data(request, pk):
user_data = User.objects.get(pk=pk)
posts = user_data.post_set.filter(author=user_data)
context = {'user_data':user_data, 'posts':posts}
return render(request, 'account/user_data.html', context)
#So it returns me just the user data like name, email or date_joined but not his posts
This should give you posts of logged in users from your view
def user_data(request, pk):
posts=Post.objects.filter(author=request.user)
context = {'posts':posts}
return render(request, 'account/user_data.html', context)
I am trying to test validate method on modelSerializer but it is NOT CALLED.
Why is not working ? Have i been missed something ? the same scenario works at different project
at urls
urlpatterns = [ path('api/allposts/', allposts, name='allposts') ]
at views:
from .serializer import PostSerializer
from rest_framework.renderers import JSONRenderer
from .models import Post
from django.http import JsonResponse
import json
def allposts(request):
qs = Post.objects.all()[:3]
ser = PostSerializer(qs, many=True)
data = JSONRenderer().render(ser.data)
return JsonResponse(json.loads(data), safe=False)
at models
class Post(models.Model):
title = models.CharField(max_length=100)
url = models.URLField()
poster = models.ForeignKey(User, on_delete=models.CASCADE, related_name='posts')
created = models.DateTimeField(auto_now_add=True)
class Meta:
ordering = ['-created']
def __str__(self):
return self.title
at serializer
from rest_framework import serializers
from .models import Post
class PostSerializer(serializers.ModelSerializer):
class Meta:
model = Post
fields = ['title', 'poster', 'url']
def validate(self, data):
if 'facebook' in data.get('url'):
raise serializers.ValidationError('you can not add facebook')
return data
serializer's validate method is called when you call serializer.is_valid(). Since you are serializing db instances you are not required to call is_valid(), hence validate() method is not called
Im trying to create an endpoint for a post and its comments in the following format:
/posts (view all posts)
/posts/{id} (view post by id)
/posts/{id}/comments (view comments for a post)
The first 2 work, but for the last one I have /comments rather than the url i would like and I am not sure how to go about that, I think I need to change my models for it.
My current models (its using default Django User):
class Post(models.Model):
author = models.ForeignKey(User, on_delete=models.CASCADE)
title = models.CharField(max_length=255)
description = models.TextField()
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
def __str__(self):
return self.title
class PostComment(models.Model):
author = models.ForeignKey(User, on_delete=models.CASCADE)
post = models.ForeignKey(Post, on_delete=models.CASCADE)
comment = models.TextField()
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
def __str__(self):
return self.post.title
And urls:
router = routers.DefaultRouter()
router.register(r'users', views.UserViewSet)
router.register(r'posts', views.PostViewSet)
router.register(r'comments', views.PostCommentViewSet)
Edit: this are the viewsets
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all().order_by('id')
serializer_class = UserSerializer
class PostViewSet(viewsets.ModelViewSet):
queryset = Post.objects.all().order_by('created_at')
serializer_class = PostSerializer
class PostCommentViewSet(viewsets.ModelViewSet):
queryset = PostComment.objects.all().order_by('created_at')
serializer_class = PostCommentSerializer
You can achieve this by writing the custom viewset actions--(drf doc),
from rest_framework.decorators import action
from rest_framework.response import Response
class PostViewSet(viewsets.ModelViewSet):
queryset = Post.objects.all().order_by('created_at')
serializer_class = PostSerializer
#action(detail=True, url_path='comments', url_name='post-comments')
def comments(self, request, *args, **kwargs):
queryset = PostComment.objects.filter(post=kwargs['pk'])
serializer = PostCommentSerializer(queryset, many=True, context= {'request':request, 'view':self})
return Response(data=serializer.data)
Your view should be something similar to this -
class PostCommentViewSet(viewsets.ModelViewSet):
queryset = PostComment.objects.all().order_by('created_at')
serializer_class = PostCommentSerializer
#action(detail=True)
def comments(self, request, id=None):
....
You can refer to DRF documentation for more detail here - https://www.django-rest-framework.org/api-guide/routers/#routing-for-extra-actions
If you want to use the router, then this is probably achievable by implementing a custom router, like in this example: https://www.django-rest-framework.org/api-guide/routers/#example
I think you forgot to register the viewset route parameters with the action decorator
https://www.django-rest-framework.org/api-guide/viewsets/#marking-extra-actions-for-routing
it should work if you had in your viewset
from rest_framework.decorators import action
#actions(detail=True)
def comments(self, request, pk):
# things to do here
My users/models.py file looks as below.
class User(AbstractUser):
is_customer = models.BooleanField(default=False)
is_courier = models.BooleanField(default=False)
is_merchant = models.BooleanField(default=False)
class Profile(models.Model):
contact_number = models.CharField(max_length=10, unique=True)
rating = models.IntegerField(blank=True)
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True)
user = models.ForeignKey(User, on_delete=models.CASCADE)
My current users/serializers.py looks like below.
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = '__all__'
My users/api.py looks like below.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
permission_classes = [
permissions.AllowAny
]
serializer_class = UserSerializer
My users/urls.py has the below:
router.register('api/users', UserViewSet, 'users')
My current setup works well with the UserViewSet. http://127.0.0.1:8000/api/users/ displays all the users and http://127.0.0.1:8000/api/users/1/ displays the user according to the ID.
My question is, How can I load up the user profile when I goto the below the URL http://127.0.0.1:8000/api/users/1/profile
Any help is much appreciated. Thank you in advance.
Create a new serializer for Profile model
class ProfileSerializer(serializers.ModelSerializer):
class Meta:
model = Profile
fields = "__all__"
then create a new view class for the Profile.
from rest_framework.views import APIView
from rest_framework.response import Response
from django.shortcuts import get_object_or_404
class ProfileAPI(APIView):
def get(self, request, *args, **kwargs):
user = get_object_or_404(User, pk=kwargs['user_id'])
profile_serializer = ProfileSerializer(user.profile)
return Response(profile_serializer.data)
Then, wire up the view in urls.py
urlpatterns = [
# your other url configs
path('api/users/<user_id>/profile/', ProfileAPI.as_view())
]
Update-1
Implementation using ViewSet class
from rest_framework import viewsets
from rest_framework.response import Response
from django.shortcuts import get_object_or_404
class ProfileAPI(viewsets.ViewSet):
def get(self, request, *args, **kwargs):
user = get_object_or_404(User, pk=kwargs['user_id'])
profile_serializer = ProfileSerializer(user.profile)
return Response(profile_serializer.data)
Update-2
from rest_framework import viewsets
class ProfileAPI(viewsets.ModelViewSet):
serializer_class = ProfileSerializer
def get_queryset(self):
return Profile.objects.filter(user=self.kwargs['user_id'])
and in your urls.py register the viewset as
router.register('api/users/(?P<user_id>\d+)/profile', ProfileAPI, base_name='profile_api')
i have used **AbstractUser ** and **custom user manager **
i have used ViewSets.ViewSet along with Model Serializers
#urls.py file#
from django.urls import path, include
from rest_framework.routers import DefaultRouter
from .views import ProfileViewSet, LoginViewSet, RegisterViewSet
router = DefaultRouter()
router.register(r'register', RegisterViewSet, basename='register')
router.register(r'login', LoginViewSet, basename='login')
router.register(r'profile', ProfileViewSet, basename='profile')
urlpatterns = [
path('', include(router.urls)),
]
#views.py file#
from rest_framework.response import Response
from rest_framework.viewsets import ViewSet
from .models import user_reg
from .serializers import RegisterSerializer
class ProfileViewSet(ViewSet):
def partial_update(self, request, pk=None): #partially update the profile
try:
user_detail = user_reg.objects.get(pk=pk)
serializer = RegisterSerializer(user_detail,data=request.data, partial=True)
if not serializer.is_valid():
return Response({'data':'internal server error','message':'error aa gyi'},500)
serializer.save()
except Exception as e:
return Response('some exception occured' + str(e))
return Response('record Updated successfully')
def retrieve(self,request, pk=None): #get or retrieve the profile from database
queryset = user_reg.objects.get(pk=pk)
serializer_class = RegisterSerializer(queryset)
return Response(serializer_class.data)
#serializer.py file#
from rest_framework import serializers
from .models import user_reg
class RegisterSerializer(serializers.ModelSerializer):
class Meta:
model = user_reg
fields = ('username','first_name','last_name','email') #custom fields i made
u can change this
#models.py#
from django.db import models
from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager
class user_reg(AbstractUser):
mobile = models.CharField(max_length=10, blank=True, null=True)
age = models.IntegerField(null=True,blank=False)
gender = models.CharField(max_length= 8,blank=True)
objects = UserManager()
class Meta:
verbose_name='user'