我通过很多例子自己工作,但我找不到100%工作的方式。
class QuestionViewSet(viewsets.ModelViewSet):
queryset = QNAQuestion.objects.all()
serializer_class = QuestionSerializer
permission_classes = (IsOwnerOrReadOnly, )
filter_fields = ('id', 'user')
filter_backends = (filters.DjangoFilterBackend, filters.OrderingFilter)
def perform_create(self, serializer):
serializer.save(user=self.request.user)
到目前为止工作正常,但仍然要求user_id由用户输入提供,即使它被request.user忽略并重新占用。
class QuestionSerializer(serializers.ModelSerializer):
class Meta:
user = serializers.ReadOnlyField()
model = QNAQuestion
fields = ('id','user','subject', 'body', 'solution')
所以我想我必须修改我的序列化程序。我尝试过HiddenInput和ReadOnly,但两者都没有真正做到。如果我将其隐藏起来,则不再需要user_id,但在查看现有对象时也会隐藏它。如果我将其设为只读,则不需要,但保存序列化器不再起作用。我收到错误消息,即django对象不能序列化为JSON。
class IsOwnerOrReadOnly(permissions.BasePermission):
"""
Object-level permission to only allow owners of an object to edit it.
Assumes the model instance has an `user` attribute.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if not request.user.is_authenticated():
return False
if request.method in permissions.SAFE_METHODS:
return True
# Instance must have an attribute named `owner`.
return obj.user == request.user
那么如何解决这个问题呢? user_id应该是可见的,但我希望它是request.user,我不希望在创建新对象时需要它。理想情况下,在使用自动生成的api gui时也应该隐藏它。
感谢您的时间。对不起拼写错误或语法错误,我不是母语人士。
答案 0 :(得分:1)
尝试仅使字段required=False而不是Hidden或ReadOnly。
class QuestionSerializer(serializers.ModelSerializer):
class Meta:
model = QNAQuestion
fields = ('id','user','subject', 'body', 'solution')
extra_kwargs = {
'user': {'required': False}
}