I'm having problem with Django REST Swagger. I've created a simple viewset for users using DRF (just for showing my problem), where AppUser is my custom user model and it is not showing the POST method in my documentation, but I can call it with Postman and create a new resource.
I'm using:
Django 2.1
Django-rest-swagger 2.2.0
Djangorestframework 3.9.1
Here is my code:
views.py
class UserViewSet(viewsets.ModelViewSet):
queryset = AppUser.objects.all()
serializer_class = UserSerializer
serializers.py
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = AppUser
fields = '__all__'
urls.py
from django.conf.urls import url, include
from rest_framework.routers import SimpleRouter
from rest_framework_swagger.views import get_swagger_view
import app.views as app
# creating router
router = SimpleRouter()
router.register(r'users', app.UserViewSet)
schema_view = get_swagger_view(title='My app API')
# register urls
urlpatterns = [
url(r'^', include(router.urls)),
url(r'^docs', schema_view)
]
Here you can see what my app documentation looks like:
I would like to get something like this:
I've tried multiple tutorials on creating Swagger documentation and I was trying it on User model, but I still get only the GET request. What am I doing wrong?
Thank you for your help.
I've figured it out. I haven't been logged in properly so I haven't been authenticated against permissions listed in DEFAULT_PERMISSION_CLASSES setting for DRF in settings.py.
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES':
('rest_framework.permissions.IsAuthenticatedOrReadOnly',),
}
HTTP methods POST, PUT, PATCH, etc. are checked using has_permission() against list of permissions defined there.
After logging in it works well.
EDIT: Problem with login was, that Django-rest-swagger 2.2.0 is not working correctly with JWT authentication, so I downgraded to 2.1.2.
Related
I have added an app to my existing django site and to view it, I created an extra permission overview.view. But, I do not see it in my admin page, so I can also not assign this permission to any user. I think I have all files setup correctly, but I guess I am missing something. I have all the same files in the overview folder as I have in other working folders.
I do see the page, but somehow I am not logged in either.
This is my urls.py:
from django.urls import path
from . import views
urlpatterns = [
path('', views.index, name='index')
]
models.py:
from django.db import models
class Overview(models.Model):
class Meta:
permissions = (
('view', "May view the overview"),
)
and (part of) settings.py
INSTALLED_APPS = [
'overview.apps.OverviewConfig'
]
Permissions are stored in the database and so when you add or remove them via the Meta for the model the same is not of course automatically reflected in the database. Permissions are added post the migrations via a post_migrate signal connected from the auth apps appconfig's ready method. See the source code [GitHub]:
post_migrate.connect(
create_permissions,
dispatch_uid="django.contrib.auth.management.create_permissions"
)
Hence when one makes changes to the permissions one needs to run makemigrations and migrate to make sure they are added to the database.
I'm working with DRF and came across this issue. I have a third-party view which I'm importing in my urls.py file like this :
from some_package import some_view
urlpatterns = [
path('view/',some_view)
]
but the issue I'm facing is since I have enabled default permission classes in my settings.py like this:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES':(
'rest_framework.permissions.IsAuthenticated',
),
}
now when I call that view using the url , it gives me authentication error as I'm not providing token .Is there a way I can bypass authentication error without having to make changes in view directly,I know that we can remove permission for that particular view , but for that I'll have to make changes to that some_view function code. But I don't want to do that,let's say we don't have access to that function we can only pass data and receive response. How can I bypass authentication without having to change that functions code .
I tried searching but couldn't find what I'm looking for.
I was assuming that there might be someway we can do that from urls.py like specifying any parameter or something like that which make that particular view to bypass authentication without having to change functions code.
somthing like this :
from some_package import some_view
urlpatterns = [
path('view/',some_view,"some_parameter") #passing someparameter from here or something like that
]
Is it possible what I'm looking for ? Thanks in advance :)
So, the most appropriate way for third-party views is to use decorators by defining them inside your urls.py:
Case 1
I assume that some_view is a class inherited from rest_framework.views.APIView:
urls.py
from django.urls import path
from rest_framework.decorators import permission_classes, authentication_classes
from rest_framework.permissions import AllowAny
from some_package import some_view
urlpatterns = [
path('', authentication_classes([])(permission_classes([AllowAny])(some_view)).as_view())
]
Case 2
I assume that some_view is a simple Django view function and you need to define it for GET method:
urls.py
from django.urls import path
from rest_framework.decorators import api_view, permission_classes, authentication_classes
from rest_framework.permissions import AllowAny
from some_package import some_view
urlpatterns = [
path('', api_view(['GET'])(authentication_classes([])(permission_classes([AllowAny])(some_view))))
]
Case 3
I assume that some_view is an api_view decorated DRF view function. This is the hardest and most probably the most impossible part because you have to undecorate the previous api_view decorator. If view function is decorated with api_view, then it is already converted into Django view function so neither permision_classes nor authentication_classes can be appended to class:
You can override the default authentication class to skip auth for specific urls.
For example:
class CustomIsAuthenticated(IsAuthenticated):
def has_permission(self, request, view):
# make a list of public urls
if request.path in PUBLIC_URLS:
return True
return super().has_permission(request, view)
You have to create a list of PUBLIC_URLS which bypass authentication.
Now use this class in the DEFAULT_PERMISSION_CLASSES in rest framework settings. And remove the default IsAuthenticated class.
Although I recommend the decorators approach.
check docs: https://www.django-rest-framework.org/api-guide/permissions/#allowany
Decorators approach is more verbose and by looking at the function you can make out if it is public or not.
#Bedilbek's answer worked for me, but if you'd prefer to use different syntax and define the permission_classes and authentication_classes inside your view instead of urls.py, you can do the following:
from rest_framework import permissions
from rest_framework.views import APIView
class SomeView(APIView):
permission_classes = [permissions.AllowAny]
authentication_classes = []
I'm trying to set verbose_name for a model SocialAuthUser from django_social.
I've tried to use proxy model, setting its Meta.verbose_name to desired value, but had no success (probably I did it wrong). If it's the way to go, I can provide more details.
It would be great to avoid installing module from pip in editable mode just to replace verbose_name in admin site.
Probably I can replace model name in admin site in some other way?
I thought about adding custom link to admin site, but didn't research this method yet because it feels hacky.
You almost got it right. For your changes on the proxy model to take effect you need to unregister the model from admin site first and then register the proxy model.
The example below is for social_django.Association model.
# admin.py
from django.contrib import admin
from social_django.admin import AssociationOption
from social_django.models import Association
class AssociationProxy(Association):
class Meta:
proxy = True
verbose_name = 'custom model'
app_label = 'social_django'
admin.site.unregister(Association)
admin.site.register(AssociationProxy, AssociationOption)
This assumes you are using the default admin site
# urls.py
from django.contrib import admin
from django.urls import path
urlpatterns = [
path('admin/', admin.site.urls),
]
I have a blog made with Django where I write posts in markdown. I would like to add a view in the bottom of the admin page for each instance of the class Entry (my blog post class) such that I can get a preview of what the markdown looks like, while I'm writing. Just as you get a preview here on Stack Overflow when you create a new post.
I already have an admin class extending ModelAdmin:
class EntryAdmin(admin.ModelAdmin):
list_display = ('title','created')
prepopulated_fields = {'slug': ('title',)}
Is it possible to modify ModelAdmin further, such that it loads a certain html file (blogpost.html) and shows it in the bottom of the admin page?
I made a picture to show exactly what I mean:
NB: I know there are various tools such as Django admin plus, that allows one to add views to the admin interface, but not for each instance of an object.
You can use markdownx for that:
pip install django-markdownx
project settings.py
INSTALLED_APPS =
#. . . .
'markdownx',
]
project urls.py
urlpatterns = [
#[...]
url(r'^markdownx/', include('markdownx.urls')),
]
and then collect static files.
python3 manage.py collectstatic
your models.py
from markdownx.models import MarkdownxField
class MyModel(models.Model):
myfield = MarkdownxField()
your app admin.py
from django.contrib import admin
from markdownx.admin import MarkdownxModelAdmin
from .models import MyModel
admin.site.register(MyModel, MarkdownxModelAdmin)
This should work.
I have the model named Artist and I want expose this model with Django Rest Framework to create an API and this data can be consumed.
I've created a class based view in artists/views.py named ArtistViewSet
#CBV for rest frameworks
from rest_framework import viewsets
class ArtistViewSet(viewsets.ModelViewSet):
model = Artist
I also have an url named api/ in the urls.py file (view third url named api/) which the user could access to the view above mentioned.
# coding=utf-8
from django.conf.urls import patterns, include, url
from django.conf import settings
from django.contrib import admin
admin.autodiscover()
from rest_framework import routers
from artists.views import ArtistViewSet
#I create a router by default
router = routers.DefaultRouter()
#Register the model 'artists' in ArtistViewSet
router.register(r'artists', ArtistViewSet)
urlpatterns = patterns('',
(r'^grappelli/', include('grappelli.urls')), # grappelli URLS
url(r'^admin/', include(admin.site.urls)),
#Include url api/ with all urls of router
url(r'^api/', include(routers.urls)),
)
When I go to my browser and type http://localhost:8000/api/ I get this message error:
What did can be happened me?
In Django REST framework 2.4+ (including 3.0+), the model attribute for views has been deprecated and removed. This means that you should be defining your view as
from rest_framework import viewsets
class ArtistViewSet(viewsets.ModelViewSet):
queryset = Artist.objects.all()
Which should give you the result you are expecting. Now, you asked in the comments
I cannot understand the role of base_name. I mean, this base name is the url that I've created? My viewset ArtistViewSet does not have a queryset attribute, due to this, according to documentation, it's necessary put the base_name argument, but i don't know how to do it.
The base_name that can be optionally defined when registering a ViewSet is used when naming the automatically generated routes. By default, the format is [base]-list and [base]-detail, where [base] is the base_name that can be defined. When you do not specify your own base_name, it is automatically generated based on the model name. As the queryset method must be defined for ViewSet instances, this is where the model (and later model name) is retrieved. As you did not provide the queryset argument, Django REST framework triggers an error because it cannot generate a base_name.
To quote from the documentation on routers
Note: The base_name argument is used to specify the initial part of the view name pattern.
The documentation goes on to further explain exactly why you are getting the issue, even including an example, and how to fix it.