Django Tasypie,如何防止修改由外键链接的资源
我有两个资源由外键链接 我希望在创建/修改作业时使AUser资源为只读Django Tasypie,如何防止修改由外键链接的资源,django,tastypie,Django,Tastypie,我有两个资源由外键链接 我希望在创建/修改作业时使AUser资源为只读 class AUser(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' authentication = SessionAuthentication() authorization = Authorization() excl
class AUser(ModelResource):
class Meta:
queryset = User.objects.all()
resource_name = 'user'
authentication = SessionAuthentication()
authorization = Authorization()
excludes = ['email', 'password', 'is_superuser', 'is_staff', 'is_active', 'date_joined', 'last_login']
def can_update(self):
return False
def can_create(self):
return False
def can_delete(self):
return False
def apply_authorization_limits(self, request, object_list):
return object_list.filter(pk=request.user.pk)
class AJob(ModelResource):
user = fields.ForeignKey( AUser, 'user', full=True)
paused = fields.BooleanField(attribute='isPaused', readonly=True)
hasRules = fields.BooleanField(attribute='hasRules', readonly=True)
class Meta:
queryset = Job.objects.all()
resource_name = 'job'
authentication = SessionAuthentication()
api_name = 'v1'
authorization = Authorization()
allowed_methods = ['get', 'post', 'delete']
def obj_create(self, bundle, request=None, **kwargs):
return super(AJob, self).obj_create(bundle, request, user=request.user)
def apply_authorization_limits(self, request, object_list):
return object_list.filter(user=request.user)
我尝试直接将readonly=True添加到foreignKey,但在补水时忽略了它
并获取约束冲突,因为用户为null
如果在我的职位请求中,我附加
“user”:{“id”:“5”,“is_staff”:false}
5作为当前用户
更新用户模型,删除管理员角色
似乎在执行save_related时,tastype不会检查任何授权
如何将此用户资源设置为只读
我使用的是tastypie v0.9.12-alpha您可以在
AJob
资源中修改save\u相关的方法,并将其定义为不修改AUser
。您可以根据需要定义ForeignKey do be readonly,但随后必须提供detercheme\u user
方法,并在其中获取要返回的值。它类似于返回bundle['data']。user
我必须尝试只读和脱水用户,在会话中返回用户,这听起来是一种合理的方法。谢谢:)