Django rest框架中request.user的字段级验证
我正在建立一个Django REST应用程序,人们可以在其中查看餐厅。到目前为止,我有这些模型:Django rest框架中request.user的字段级验证,django,django-rest-framework,Django,Django Rest Framework,我正在建立一个Django REST应用程序,人们可以在其中查看餐厅。到目前为止,我有这些模型: class RestaurantId(models.Model): maps_id = models.CharField(max_length=140, unique=True) adress = models.CharField(max_length=240) name = models.CharField(max_length=140) class R
class RestaurantId(models.Model):
maps_id = models.CharField(max_length=140, unique=True)
adress = models.CharField(max_length=240)
name = models.CharField(max_length=140)
class RestaurantReview(models.Model):
review_author = models.ForeignKey(settings.AUTH_USER_MODEL,
on_delete=models.CASCADE)
restaurant_id = models.ForeignKey(RestaurantId, on_delete=models.CASCADE)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
class StarterPics(models.Model):
restaurant_review_id = models.OneToOneField(RestaurantReview,
on_delete=models.CASCADE)
pics_author = models.ForeignKey(User, on_delete=models.CASCADE)
restaurant_id = models.ForeignKey(RestaurantId, on_delete=models.CASCADE)
name_1 = models.CharField(max_length=40)
picture_1 = models.ImageField()
我的序列化程序:
class RestaurantIdSerializer(serializers.ModelSerializer):
class Meta:
model = RestaurantId
field = fields = '__all__'
class RestaurantReviewSerializer(serializers.ModelSerializer):
class Meta:
model = RestaurantReview
field = fields = '__all__'
class StarterPicsSerializer(serializers.ModelSerializer):
class Meta:
model = StarterPics
fields = '__all__'
def validate_restaurant_review_id(self, value)
if value.review_author != self.request.user:
raise serializers.ValidationError("User has not reviewed the restaurant")
return value
我的看法:
class RestaurantIdViewset(viewsets.ModelViewSet):
queryset = models.RestaurantId.objects.all()
serializer_class = serializers.RestaurantIdSerializer
class RestaurantReviewViewset(viewsets.ModelViewSet):
queryset = models.RestaurantReview.objects.all()
serializer_class = serializers.RestaurantReviewSerializer
permission_classes = [IsAuthenticatedOrReadOnly,IsAuthorOrReadOnly]
def perform_create(self, serializer):
serializer.save(review_author=self.request.user)
class StarterPicsViewset(viewsets.ModelViewSet):
queryset = models.StarterPics.objects.all()
serializer_class = serializers.StarterPicsSerializer
permission_classes = [IsAuthenticatedOrReadOnly]
I have set up permissions as well so only the review_author can update his reviews and pics_author can update his pictures.
我的权限:
class IsOwnReviewOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.pics_author == request.user
class IsAuthorOrReadOnly(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in permissions.SAFE_METHODS:
return True
return obj.review_author == request.user
运行Django服务器时,我得到一个'StarterPicsSerializer'对象没有属性'request'
此验证适用于尚未撰写评论的用户(评论作者)无法在StarterPics
中发布图片。因此,只有创建评论的用户才能在上面发布图片
我尝试了另一个验证,但也没有成功:
def validate_restaurant_review_id(self, value):
if not RestaurantReview.objects.filter(restaurant_review_id=value,
review_author=self.request.user).exists():
raise serializers.ValidationError('Not your review')
return value
除了要序列化的对象之外,还可以通过在视图中实例化序列化程序时传递上下文参数来为序列化程序提供额外的上下文
serializer=RandomSerializer(实例,上下文={'request':request})
如果使用或(继承形式
GenericAPIView
),则序列化程序self.context
dict中已有请求
class StarterPicsSerializer(serializers.ModelSerializer):
class Meta:
model = StarterPics
fields = '__all__'
def validate_restaurant_review_id(self, value):
print(self.context['request'])
class StarterPicsSerializer(serializers.ModelSerializer):
类元:
型号=起动装置
字段='\uuuu所有\uuuu'
def验证\餐厅\审核\ id(自我、价值):
打印(self.context['request'])
在视图中实例化序列化程序时,通过传递上下文参数,除了要序列化的对象之外,还可以为序列化程序提供额外的上下文
serializer=RandomSerializer(实例,上下文={'request':request})
如果使用或(继承形式
GenericAPIView
),则序列化程序self.context
dict中已有请求
class StarterPicsSerializer(serializers.ModelSerializer):
class Meta:
model = StarterPics
fields = '__all__'
def validate_restaurant_review_id(self, value):
print(self.context['request'])
class StarterPicsSerializer(serializers.ModelSerializer):
类元:
型号=起动装置
字段='\uuuu所有\uuuu'
def验证\餐厅\审核\ id(自我、价值):
打印(self.context['request'])
我应该在哪里添加它?取决于您的视图,如果您使用GenericAPIView
或其子视图,如ModelViewSet
,然后,请求
已在序列化程序中可用。上下文
我已使用我的代码更新了我的问题,以便您可以更清楚地了解我的问题。如果您在视图中使用ModelViewSet
,那么您可以在序列化程序中使用self.context['request']
直接访问请求
,因此它变成了review\u author=self.context['request']。user
我应该在哪里添加它?取决于您的视图,如果您使用GenericAPIView
或其子视图,如ModelViewSet
,然后,请求
已在序列化程序中可用。上下文
我已使用我的代码更新了我的问题,以便您可以更清楚地了解我的问题。如果您在视图中使用ModelViewSet
,那么您可以在序列化程序中使用self.context['request']
直接访问请求
,因此它变成了review\u author=self.context['request'].user