I am using Django models to create the fields for a form. I would like to have the user's username automatically detected in and be filled out, this way I can hide it in my form (instead of having them choose their username from a long list that has everyones username). To do this I am using:
current_user = request.user
and then setting the default to current_user. However, I keep getting this error:
NameError: name 'request' is not defined
I'm assuming you can't use requests in Django models, but is there anyway to get around this? Here is the relevant sections of my models.py file:
class StockTickerSymbol(models.Model):
StockName = models.CharField(max_length=7, unique=True)
current_user = request.user
user = models.ForeignKey(User, default=current_user)
Anyone know how I can use requests in my models, or somehow call the variable current_user?
Here you haven't imported request in that model class scope. This is how you can get user:
# model
class StockTickerSymbol(models.Model):
StockName = models.CharField(max_length=7, unique=True)
user = models.ForeignKey(User)
def save(self,**kwargs):
if kwargs.has_key('request') and self.user is None:
request = kwargs.pop('request')
self.user= request.user
super(StockTickerSymbol, self).save(**kwargs)
#views:
def post(self, request):
if form.is_valid():
sts=StockTickerSymbol()
sts.StockName= form.cleaned_data['StockName']
if form.cleaned_data['user'] is None: #null check
sts.save(request=request)
else:
sts.user= form.cleaned_data['user']
sts.save(request=request)
For modelform:
class SomeForm(forms.ModelForm):
...
def save(self, commit=True ,*args, **kwargs):
request = None
if kwargs.has_key('request'):
request = kwargs.pop('request')
m = super(SomeForm, self).save(commit=False, *args, **kwargs)
if m.user is None and request is not None:
m.user= request.user
m.save()
in views:
def post(self, request):
if form.is_valid():
form.save(request=request)
return ...
Related
Here is my scenario. I want one of my model fields to be auto-fill based on whether the user is authenticated or not. Like when the user submits the form, I need to check if the user is authenticated and then fill the created_by field up with <User Object> otherwise, leave it Null if possible.
Here is my model:
class Snippet(models.Model):
# ---
create_by = models.ForeignKey(
User,
on_delete = models.CASCADE,
null=True,
)
# ---
Here is my view:
class SnippetCreateView(CreateView):
# ---
def save(self, request, *args, **kwargs):
if request.user.is_authenticated:
user = User.objects.get(username=request.user.username)
request.POST['create_by'] = user # --->> TraceBack: due to immutability..
return super().post(request, *args, **kwargs)
# ---
Since the request.POST QueryDict is immutable, how can I implement it?? I have tried multiple ways like creating a copy of that but nothing happens and it doesn't change anything.
But..
I can implement it like this and it works with no problem. I think this solution is dirty enough to find a better way. What do you think about this solution??
class Snippet.CreateView(CreateView):
# ---
def save(self, request, *args, **kwargs):
if request.user.is_authenticated:
user = User.objects.get(username=request.user.username)
data = {
'title': request.POST['title'],
# ---
'create_by': user if user else None,
}
snippet = Snippet.objects.create(**data).save()
# redirecting to Snippet.get_absolute_url()
# ---
This solution is applied only if you are using django ModelForm.
class CreateArticle(CreateView):
model = Snippet
.........
def form_valid(self, form):
user = self.request.user
form.instance.created_by = user if user else None
return super(CreateArticle, self).form_valid(form)
......
I have this following model
class User(models.Model):
UserName = models.CharField(max_length=20)
Password = models.CharField(max_length=255)
RoleName = models.CharField(max_length=30)
Email = models.EmailField(max_length=50)
ApartmentName = models.CharField(max_length=50)
UserId = models.BigAutoField(primary_key=True)
I have saved the data by calling this view
class Register(generics.CreateAPIView):
serializer_class = serializers.UserSerializer
def get_queryset(self, *args, **kwargs):
return models.User.objects.all()
def post(self, request, *args, **kwargs):
return self.create(request, *args, **kwargs)
But before the row to be created in the database table i need to change the password to the hashed form, i cant alter the post variables in the request since it is immutable.How to hash the password with make_password before saving the data?
You can do it in serializer class
class UserSerializer(ModelSerializer):
class Meta:
model=User
fields = ('Username', 'Password', #others)
def create(self, validated_data):
user = User()
user.Username = validated_data['Username']
user.Password = make_password(validated_data['Password'])
# other
'make_password' could be any function that you want
Then in view just save the serializer
If the User objects are created only from Register view, override the create method of UserSerializer works fine. However, users created through others ways (admin interface, django form, management command, etc.) will not have their passwords encrypted unless you provide some code to do so in all of theese ways.
To hash the password before save any user, a better aproach is create a pre_save signal or override the save method of User to hash the password (serializer and view will not change)
class User(models.Model):
...
def save(self, **kwargs):
self.password = make_password(self.password)
return super(User, self).save(**kwargs)
Make sure the password does not exist or has been changed before call make_password to not encode an already encoded password
I want to create an API where user can update their profile. In my case, a user can update his/her username and password. To change his/her profile, an API link should be /api/change/usernameOfThatUser. When I use a non-existing username in the link, I still get the userProfileChange API page, and the input boxes are not filled with previous data. How can I solve this?
serializers.py
User = get_user_model()
class UserProfileChangeSerializer(ModelSerializer):
username = CharField(required=False, allow_blank=True, initial="current username")
class Meta:
model = User
fields = [
'username',
'password',
]
def update(self, instance, validated_data):
instance.username = validated_data.get('username',instance.username)
print('instance of username',instance.username)
return instance
views.py
class UserProfileChangeAPIView(UpdateAPIView):
serializer_class = UserProfileChangeSerializer
lookup_field = 'username'
urls.py
url(r'^change/(?P<username>[\w-]+)$', UserProfileChangeAPIView.as_view(), name='changeProfile'),
Maybe try doing something like this instead in your views.py?
from rest_framework import generics, mixins, permissions
User = get_user_model()
class UserIsOwnerOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.id == request.user.id
class UserProfileChangeAPIView(generics.RetrieveAPIView,
mixins.DestroyModelMixin,
mixins.UpdateModelMixin):
permission_classes = (
permissions.IsAuthenticated,
UserIsOwnerOrReadOnly,
)
serializer_class = UserProfileChangeSerializer
parser_classes = (MultiPartParser, FormParser,)
def get_object(self):
username = self.kwargs["username"]
obj = get_object_or_404(User, username=username)
return obj
def delete(self, request, *args, **kwargs):
return self.destroy(request, *args, **kwargs)
def put(self, request, *args, **kwargs):
return self.update(request, *args, **kwargs)
This will give you all of the existing data for the user based on the username passed in the url. If the username does not exist, it will raise a 404 error. You can also update or delete the object.
When creating an object initially I use the currently logged-in user to assign the model field 'owner'.
The model:
class Account(models.Model):
id = models.AutoField(primary_key=True)
owner = models.ForeignKey(User)
name = models.CharField(max_length=32, unique=True)
description = models.CharField(max_length=250, blank=True)
Serializer to set owner:
class AccountSerializer(serializers.ModelSerializer):
class Meta:
model = models.Account
fields = ('name', 'description')
def restore_object(self, attrs, instance=None):
instance = super().restore_object(attrs, instance)
request = self.context.get('request', None)
setattr(instance, 'owner', request.user)
return instance
It is possible for a different user in my system to update another's Account object, but the ownership should remain with the original user. Obviously the above breaks this as the ownership would get overwritten upon update with the currently logged in user.
So I've updated it like this:
class AccountSerializer(serializers.ModelSerializer):
class Meta:
model = models.Account
fields = ('name', 'description')
def restore_object(self, attrs, instance=None):
new_instance = False
if not instance:
new_instance = True
instance = super().restore_object(attrs, instance)
# Only set the owner if this is a new instance
if new_instance:
request = self.context.get('request', None)
setattr(instance, 'owner', request.user)
return instance
Is this the recommended way to do something like this? I can't see any other way, but I have very limited experience so far.
Thanks
From reviewing #zaphod100.10's answer. Alternatively, in the view code (with custom restore_object method in above serializer removed):
def post(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.DATA, files=request.FILES)
if serializer.is_valid():
serializer.object.owner = request.user
self.pre_save(serializer.object)
self.object = serializer.save(force_insert=True)
self.post_save(self.object, created=True)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED,
headers=headers)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
Basically you want the owner to be set on creation and not on subsequent updates. For this I think you should set the owner in the POST view. I think it is more logical and robust that way. Update is done via PUT view so your data should always be correct since no way on updation the owner can be changed if the owner is not editable on PUT.
For making the views you can use DRF's generic class based views. Use the RetrieveUpdateDeleteView as it is. For ListCreateView override the post method. Use a django model form for validating the data and creating an account instance.
You will have to copy the request.DATA dict and insert 'owner' as the current user.
The code for the POST method can be:
def post(self, request, *args, **kwargs):
data = deepcopy(request.DATA)
data['owner'] = request.user
form = AccountForm(data=data)
if form.is_valid():
instance = form.save(commit=false)
instance.save()
return Response(dict(id=instance.pk), status=status.HTTP_201_CREATED)
return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)
Potential other option using pre_save which I think seems to be intended for just this kind of thing.
class AccountList(generics.ListCreateAPIView):
serializer_class = serializers.AccountSerializer
permission_classes = (permissions.IsAuthenticated)
def get_queryset(self):
"""
This view should return a list of all the accounts
for the currently authenticated user.
"""
user = self.request.user
return models.Account.objects.filter(owner=user)
def pre_save(self, obj):
"""
Set the owner of the object to the currently logged in user as this
field is not populated by the serializer as the user can not set it
"""
# Throw a 404 error if there is no authenticated user to use although
# in my case this is assured more properly by the permission_class
# specified above, but this could be any criteria.
if not self.request.user.is_authenticated():
raise Http404()
# In the case of ListCreateAPIView this is not necessary, but
# if doing this on RetrieveUpdateDestroyAPIView then this may
# be an update, but if it doesn't exist will be a create. In the
# case of the update, we don't wish to overwrite the owner.
# obj.owner will not exist so the way to test if the owner is
# already assigned for a ForeignKey relation is to check for
# the owner_id attribute
if not obj.owner_id:
setattr(obj, 'owner', self.request.user)
I think this is the purpose of pre_save and it is quite concise.
Responsibilities should be split here, as the serializer/view only receives/clean the data and make sure all the needed data is provided, then it should be the model responsibility to set the owner field accordingly. It's important to separate these two goals as the model might be updated from elsewhere (like from an admin form).
views.py
class AccountCreateView(generics.CreateAPIView):
serializer_class = serializers.AccountSerializer
permission_classes = (permissions.IsAuthenticated,)
def post(self, request, *args, **kwargs):
# only need this
request.data['owner'] = request.user.id
return super(AccountCreateView, self).post(request, *args, **kwargs)
models.py
class Account(models.Model):
# The id field is provided by django models.
# id = models.AutoField(primary_key=True)
# you may want to name the reverse relation with 'related_name' param.
owner = models.ForeignKey(User, related_name='accounts')
name = models.CharField(max_length=32, unique=True)
description = models.CharField(max_length=250, blank=True)
def save(self, *args, **kwargs):
if not self.id:
# only triggers on creation
super(Account, self).save(*args, **kwargs)
# when updating, remove the "owner" field from the list
super(Account, self).save(update_fields=['name', 'description'], *args, **kwargs)
I am trying to populate the field 'owner' in the my NoteForm. I read in documentation that I need to use the Admin for that.But i still get this error : note_note.owner_id may not be NULL. Need help. Code:
forms.py:
class NoteForm(forms.ModelForm):
class Meta:
model = Note
fields = ('title','body')
models.py:
class Note(models.Model):
title = models.CharField(max_length=200)
body = models.TextField()
cr_date = models.DateTimeField(auto_now_add=True)
owner = models.ForeignKey(User, blank=False)
admin.py
class NoteAdmin(admin.ModelAdmin):
def save_model(self, request, obj, form, change):
obj = form.save(commit=False)
obj.owner = request.user
obj.save()
def save_formset(self, request, form, formset, change):
instances = formset.save(commit=False)
for instance in instances:
instance.user = request.user
instance.save()
else:
fromset.save_m2m()
admin.site.register(Note, Noteadmin)
views.py:
def create(request):
if request.POST:
form = NoteForm(request.POST, request.FILES)
if form.is_valid():
form.save()
return HttpResponceRedirect('/notes/all')
else:
form = NoteForm()
args = {}
args.update(csrf(request))
args['form'] = form
return render_to_response('create_note.html', args)
I do not understand the point of Admin over here. From the code, what I understood is you creating a simple django form for your site and getting the error on form submission. If that's case, the solution is quiet easy. This error is generated because you are try to save a record in your Note model without any reference to User. As there's a db constraint on the foreign key field, it raises the error. Solution is easy, just add owner to the list of fields in the form or modify the save method to assign an owner to the note. If you'll use the first option, the user will be able to see and select the owner. And if you want to pre-populate that particular field, pass initial value to the form.