I'm using Django Rest Framework and python-requests and passing several variables through the URL as shown below.
GET /api/boxobjects/?format=json&make=Prusa&model=i3&plastic=PLA HTTP/1.1
I'm passing the variables make, model, and plastic. The recommended method to access these parameters is shown below.
makedata = request.GET.get('make', '')
However, I have no idea where to place that line of code. I've completed the tutorial for Django Rest Framework and have my views set up to roughly match the tutorial.
views.py:
#api_view(['GET'])
#login_required
def api_root(request, format=None):
return Response({
'Users': reverse('api:user-list', request=request, format=format),
'Objects': reverse('api:object-list', request=request, format=format),
'Files': reverse('api:file-list', request=request, format=format),
'Config Files': reverse('api:config-list', request=request, format=format),
'Box-objects': reverse('api:box-object-list', request=request, format=format),
})
class BoxViewSet(viewsets.ModelViewSet):
queryset = Uploadobject.objects.all().exclude(verified=False)
serializer_class = BoxSerializer
permission_classes = (permissions.IsAuthenticatedOrReadOnly,
IsBox)
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
#Maybe get function here? Not displaying
'''
def get(self, request):
print ("request set here?")
'''
Where would I place the one line of code to access these request parameters?
class BoxViewSet(viewsets.ModelViewSet):
queryset = Uploadobject.objects.all().exclude(verified=False)
serializer_class = BoxSerializer
permission_classes = (permissions.IsAuthenticatedOrReadOnly,
IsBox)
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
def get_queryset(self):
req = self.request
print(req)
make = req.query_params.get('make')
if make:
self.queryset = uploadobject.objects.filter(make=make)
return self.queryset
else:
return self.queryset
What is the statement doing ?
If 'make' is in the query params of the request then overwrite the BoxViewSet queryset property with a new queryset based on 'make' and return it. otherwise return the default queryset that excludes any objects that isn't verified.
Based on Django Rest Framework's Filtering Documentation, there are two ways to access parameters from a request.
1. URL Params
If you are using URL params (such as mywebapp.com/api/<user_slug>/resource/), you can access the arguments like this: self.kwargs['param_name'] where param_name is the name of the parameter you're trying to get the value for. So for the example above, you'd have user_slug = self.kwargs['user_slug']
Example from the documentation
If your URL structure looks like this:
url('^purchases/(?P<username>.+)/$', PurchaseList.as_view()),
...and want to filter on that username. You can override the get_queryset() and your view will look like this:
class PurchaseList(generics.ListAPIView):
serializer_class = PurchaseSerializer
def get_queryset(self):
"""
This view should return a list of all the purchases for
the user as determined by the username portion of the URL.
"""
username = self.kwargs['username']
return Purchase.objects.filter(purchaser__username=username)
2. Query Params
If you are using query parameters such as mywebapp.com/api/resource?user_slug=plain-jane, you can use self.request to access request as you can in plain vanilla Django REST methods. This gives you access to things like self.request.query_params. For the example above, you would say user_slug = self.request.query_params['user_slug']. You can also access the current user like user = self.request.user.
Example from the documentation
Let's say you want to support a request structure like this:
http://example.com/api/purchases?username=denvercoder9
...and want to filter on that username. Do this to override the queryset:
class PurchaseList(generics.ListAPIView):
serializer_class = PurchaseSerializer
def get_queryset(self):
"""
Optionally restricts the returned purchases to a given user,
by filtering against a `username` query parameter in the URL.
"""
queryset = Purchase.objects.all()
username = self.request.query_params.get('username', None)
if username is not None:
queryset = queryset.filter(purchaser__username=username)
return queryset
Django 2
Use request.parser_context
def perform_create(self, serializer):
post_id = self.request.parser_context['kwargs'].get('post_id')
post = Post.objects.get(id=post_id)
serializer.save(post=post)
adding a little to what they have already contributed, for the POST methods in modelviewset when an object is sent, it is necessary to use request.data['myvariable']
example:
class BoxViewSet(viewsets.ModelViewSet):
queryset = Uploadobject.objects.all().exclude(verified=False)
serializer_class = BoxSerializer
permission_classes = (permissions.IsAuthenticatedOrReadOnly,
IsBox)
def create(self, request):
...
make = request.data['make']
Related
I have two models: ModelA and ModelB, with their corresponding serializers ModelASerializer and ModelBSerializer
In a specific viewset, called MyViewSet i have the follwing structure:
class MyViewSetRoot(viewsets.ModelViewSet):
http_method_names = ["get"]
# The returned values are of type "ModelA", so I need it to use that serializer
serializer_class = ModelASerializer
queryset = ""
Finally, in my actual view, I do something like this:
class MyViewSet(MyViewSetRoot):
get(self, request: HttpRequest, *args, **kwargs) -> Response:
ModelA_queryset = ModelA.objects.all()
return Response(
data=ModelA_queryset,
status=status.HTTP_200_OK,
)
I would expect in that case for the queryset to be serialized using the ModelASerializer that I specified in the serializer_class field. However, I get the error
Object of type ModelA is not JSON serializable
If I do this instead:
class MyViewSet(MyViewSetRoot):
get(self, request: HttpRequest, *args, **kwargs) -> Response:
ModelA_queryset = ModelA.objects.all()
serialized_queryset = ModelASerializer(ModelA_queryset, many=True)
return Response(
data=serialized_queryset.data,
status=status.HTTP_200_OK,
)
It works just fine, but I want to avoid serializing explicitly in the view.
Any ideas on what could be actually going on? Am I forced to serialize explicitly in this case?
I think you don't need to customize the get function. In ModelViewSet, the function for the GET API, is list or retrieve. But you don't need to redefine it.
class MyViewSetRoot(viewsets.ModelViewSet):
http_method_names = ["get"]
serializer_class = ModelASerializer
queryset = ModelA.objects.all()
class MyViewSet(MyViewSetRoot):
pass
I want to have an API where a user can update his own listings. Currently any authenticated user can update any listing which I found using Postman. I want to validate the user so that the API returns an error as a response if the user is not trying to update his own listing. Here is my code:
# serializers.py
class ListingSerializer(serializers.ModelSerializer):
class Meta:
model = Listing
fields = '__all__'
# api.py
class ListingViewSet(ModelViewSet):
permission_classes = [IsAuthenticatedOrReadOnly]
serializer_class = ListingSerializer
def get_queryset(self):
return Listing.objects.all()
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
# urls.py
router = routers.DefaultRouter()
router.register('api/listings', ListingViewSet, 'listings')
urlpatterns = router.urls
You just need to overwrite the perform_update function:
def perform_update(self, serializer):
obj = self.get_object()
if self.request.user != obj.created_by: # Or how ever you validate
raise PermissionDenied('User is not allowed to modify listing')
serializer.save()
You will need:
from django.core.exceptions import PermissionDenied
You can limit the object for all method change the main queryset. In this case if an inapropiate user try to access an invalid object the api return 404.
def get_queryset(self):
return Listing.objects.filter(owner=self.request.user)
I have been trying to use django-filters but the objects are not getting filtered. Also, the permission is not working for the partial_update views
I have a Viewset which has the basic actions like - list(), retrieve(), destroy(), partial_update() and few other actions, and trying to apply filter for the same.
After some research I found that since I am creating the queryset via filters I will have to override the get_queryset() method. However, that also doesn't seem to be working. Does the filter works only with ModelViewSet or ListApiView?
ViewSet -
class PostViewSet(viewsets.ViewSet):
"""
The Endpoint to list, retrieve, create and delete Posts.
"""
filter_backends = (DjangoFilterBackend, )
# filterset_class = PostFilter
filter_fields = ('pet_age', 'pet_gender', 'breed')
def get_permissions(self):
if self.action == 'partial_update' or self.action == 'update':
permission_classes = [IsPostAuthor, ]
elif self.action == 'create' or self.action == 'destroy':
permission_classes = [IsAuthenticated, ]
else:
permission_classes = [AllowAny, ]
return[permission() for permission in permission_classes]
def get_queryset(self):
return Post.objects.active() # This is implemented via custom Manager
def list(self, request, *args, **kwargs):
"""
Method for Post listing. It can be accessed by anyone.
"""
serializer = PostListSerializer(self.get_queryset(), many=True, context={"request": request})
return Response(serializer.data)
# REST CODE TRUNCATED
Permission -
class IsPostAuthor(permissions.BasePermission):
"""
Object-level permission to only allow owners of an object to edit it.
"""
def has_object_permission(self, request, view, obj):
if request.user.is_authenticated:
if view.action in ['partial_update', 'update']:
return obj.user.id == request.user.id
return False
return False
PostFilter -
class PostFilter(filters.FilterSet):
class Meta:
model = Post
fields = ('pet_age', 'pet_gender', 'breed', )
Manager -
class PostManager(models.Manager):
def active(self):
return self.filter(post_status='Active')
Any help will be highly appreciated.
Okay, So finally found the solution from DRF Docs. The issue was that in case of normal ViewSet you have to override the method filter_queryset() and return the appropriate queryset accordingly. Then use the queryset under filter_queryset as mentioned by Aman -
serializer = PostListSerializer(self.filter_queryset(self.get_queryset()), many=True, context={"request": request})
Below is the code for reference for those who are still facing issues -
filter_queryset -
def filter_queryset(self, queryset):
filter_backends = (DjangoFilterBackend, )
# Other condition for different filter backend goes here
for backend in list(filter_backends):
queryset = backend().filter_queryset(self.request, queryset, view=self)
return queryset
You have overwrite the list method, so it's not working to work call the filter_queryet method.
def list(self, request, *args, **kwargs):
"""
Method for Post listing. It can be accessed by anyone.
"""
serializer = PostListSerializer(self.filter_queryset(self.get_queryset()), many=True, context= .
{"request": request})
return Response(serializer.data)
I have the following setup:
I want to list all holidays of a specific year. That's why I leave out the default list view and implement my own like this:
class HolidayViewSet(mixins.RetrieveModelMixin, GenericViewSet):
#list_route()
def year(self, request, year=get_today().year):
public_holidays = self.get_queryset().filter(date__year=year)
page = self.paginate_queryset(public_holidays)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(public_holidays, many=True)
return Response(serializer.data)
If I use the default /holiday/year/ I get a result for the current year.
But whe I try to pass a parameter, I'll get a 404. The 404 page (in debug mode) even shows me the correct URL pattern:
api/v1/ ^holiday/year/$ [name='holiday-year']
api/v1/ ^holiday/year\.(?P<format>[a-z0-9]+)/?$ [name='holiday-year']
In the documentation this aspect is unfortunately not covered.
Any ideas why my route to holiday/year/2017 is not working?
Ok, my workaround is using django-filter.
My filter:
class HolidayFilter(filters.FilterSet):
"""
This filter can be used to filter holidays by different values in API views or viewsets.
See http://django-filter.readthedocs.io/en/1.1.0/guide/rest_framework.html
"""
year = filters.NumberFilter(name='date', lookup_expr='year')
class Meta:
model = Holiday
fields = ['date']
My viewset:
class HolidayListViewSet(ModelViewSet):
def list(self, request, *args, **kwargs):
# Apply filters
queryset = self.filter_queryset(self.get_queryset())
page = self.paginate_queryset(queryset)
# Pagination
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
# Serializer
serializer = self.get_serializer(queryset, many=True)
# Response
return Response(serializer.data)
The URL:
/api/v1/holiday/?year=2016
DRF differentiates list and detail requests. list request is not expected to have additional path parameter(i.e. /{id}), while detail request, in opposite, defined by it.
What it means is #list_route decorator creates /holiday/year endpoint, and #detail_route will create /holiday/{id}/year endpoint.
I think my approach is so simple but its useful. just determine your Router like below:
urlpatterns += [
path(r'holiday/<int:year>/', TestListView.as_view()),
]
The URL:
api/v1/holiday/2016/
Then create your view like this:
class TestListView(generics.ListAPIView):
serializer_class = TestSerializer
def get(self, request, *args, **kwargs):
year = kwargs.get('year', '')
query_set = Test.objects.filter(year__exact=year) # Test is my test model
serializer = self.get_serializer(query_set, many=True)
return Response(serializer.data)
I have to pass the product_id (which is a string) into a view. There I have to do some DB operations based on the product id. How can I get that product id in that view? Actually what should be the parameter in the class ProductDetailConfiguration view? Now I am passing viewsets.ModelViewSet. Actually, this API call is not completely related to any model.
# urls.py
url(r'^product-configuration/(?P<product_id>[\w-]+)/$', views.ProductDetailConfiguration, name='product-configuration'),
# views.py
class ProductDetailConfiguration(viewsets.ModelViewSet):
queryset = Product.objects.all()
def get_queryset(self, **kwargs):
queryset = Product.objects.all()
product_id = self.request.get('product_id', None)
#filter query set based on the product_id
return queryset
serializer_class = ProductConfigurationSerializer
The URL parameters are available in self.kwargs.
From the documentation:
Filtering against the URL
Another style of filtering might involve restricting the queryset based on some part of the URL.
For example if your URL config contained an entry like this:
url('^purchases/(?P<username>.+)/$', PurchaseList.as_view()),
You could then write a view that returned a purchase queryset filtered by the username portion of the URL:
class PurchaseList(generics.ListAPIView):
serializer_class = PurchaseSerializer
def get_queryset(self):
"""
This view should return a list of all the purchases for
the user as determined by the username portion of the URL.
"""
username = self.kwargs['username']
return Purchase.objects.filter(purchaser__username=username)
You have to use lookup_field in your views to get product_id and the view should not belongs to any model. Here I already answer a question like yours using django rest framework to return info by name
Hope this will help to solve your problem.
This is my approach:
Update URL:
url(r'^product-configuration$', views.ProductDetailConfiguration, name='product-configuration'),
In view.py:
class ProductDetailConfiguration(viewsets.ModelViewSet):
lookup_field = 'product_id'
serializer_class = ProductConfigurationSerializer
def retrieve(request, product_id=None, *args, **kwargs):
queryset = self.get_queryset()
# Filter with produc_id
# print(product_id)
# Return Response
You can get the data from the request url by :-
data_dict = self.request.data
This will return a dictionary of all the parameters of the request url.
You can use the parameter name as the key