2012-11-19 45 views
2

Django tastypie: populating a field

Suppose I have:

models.py

from django.contrib.auth.models import User
from django.db import models

class Books(models.Model):
    owner = models.ForeignKey(User)
    title = models.CharField(max_length=100)

api.py

from tastypie import fields
from tastypie.authorization import Authorization
from tastypie.resources import ModelResource


class UserResource(ModelResource):
    # blah blah as usual
    pass


class BooksResource(ModelResource):

    owner = fields.ToOneField(UserResource, 'owner')

    class Meta:
        queryset = Books.objects.all()
        authorization = Authorization()

Then I issue:

curl --dump-header - -H "Content-Type: application/json" -X POST --data "{\"owner\" : \"/api/v1/user/1/\", \"title\" : \"foo\"}" http://localhost:8000/api/data/album/

and it works: I get my new Books object.

Then I try adding this to BooksResource:

def hydrate_owner(self, bundle):
    bundle.obj.owner = User.objects.get(pk=bundle.request.user.id)
    return bundle

When I do the curl again, this time without "owner" : "/api/v1/user/1/", the response is 404 not found.

Then I try a different approach:

def obj_create(self, bundle, request=None, **kwargs):
    return super(BooksResource, self).obj_create(bundle, request, owner=User.objects.get(pk=request.user.id))

def obj_create(self, bundle, request=None, **kwargs):
    return super(BooksResource, self).obj_create(bundle, request, owner=User.objects.get(pk=bundle.request.user.id))

I still get 404 not found.

Can you guys help me?

Answers

1

Doh, apparently it was my stupid mistake:

class BooksResource(ModelResource):

    owner = fields.ToOneField(UserResource, 'owner')

    class Meta:
        queryset = Books.objects.all()
        authorization = Authorization()

        def hydrate_owner(self, bundle):
            bundle.obj.owner = bundle.request.user.id
            return bundle

The error was the indentation! hydrate_owner is supposed to be a method of BooksResource, so I changed the code a little and it works:

class BooksResource(ModelResource):

    owner = fields.ToOneField(UserResource, 'owner')

    class Meta:
        queryset = Books.objects.all()
        authorization = Authorization()

    def hydrate_owner(self, bundle):
        bundle.data['owner'] = User.objects.get(pk=bundle.request.user.pk)
        return bundle

1

I started down this path of setting the owner on new objects this way, but I got into trouble when doing the authorization check on update requests (go unit tests!).

Setup: object A is owned by user X. An update request from user Y tries to modify object A (which should fail).

The modify request for object A comes into tastypie from user Y, and the hydrate override sets the owner to Y on the working copy of object A.

Next the request is sent to my authorization object to check whether user Y may modify the object. My authorization code looks in the object, sees that the object's owner field is Y, so we're good. Oops! Security hole!

What I decided to do was override obj_create() in the ModelResource and do the assignment there. So far so good!

For example:

from tastypie import fields
from tastypie.authentication import ApiKeyAuthentication
from tastypie.resources import ModelResource

# SmApiUser, SMARF_AUTH_ON, ScsGdnAuthVisibleToAllEditOnlyByOwner,
# SmModelNewsItems, smMakeFilterAllFieldsFilter, smMakeOrderingFieldList
# and SmarfSerializer are this project's own helpers.


class SmApiNewsItem(ModelResource):

    owner = fields.ForeignKey(SmApiUser, 'owner')

    class Meta:
        if SMARF_AUTH_ON:
            authentication = ApiKeyAuthentication()
        authorization = ScsGdnAuthVisibleToAllEditOnlyByOwner()
        queryset = SmModelNewsItems.objects.all()
        resource_name = 'news_item'
        filtering = smMakeFilterAllFieldsFilter(SmModelNewsItems)
        ordering = smMakeOrderingFieldList(SmModelNewsItems)
        serializer = SmarfSerializer()

    def obj_create(self, bundle, **kwargs):
        # The owner is assigned only at creation time, so the authorization
        # check on later updates compares against the stored owner rather than
        # the requester.
        bundle.data["owner"] = bundle.request.user
        return super(SmApiNewsItem, self).obj_create(bundle, **kwargs)
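The following is an added illustration, not code from either answer or from tastypie: a constructed stand-in for the request flow the second answer describes (hydrate the bundle, then run the ownership check, then save), showing why the first answer's hydrate_owner lets any requester pass an owner-based update check while assigning the owner in obj_create does not. Book, Bundle and the function names are simplifications chosen here, and it assumes the hydrate-before-authorize ordering the answer reports.

```python
# Constructed stand-in for the tastypie request flow described above
# (hydrate -> authorization check -> save). Not tastypie or Django code;
# Book and Bundle are simplified models so this runs offline.
from dataclasses import dataclass

@dataclass
class Book:
    pk: int
    owner_id: int
    title: str

@dataclass
class Bundle:
    obj: Book
    data: dict
    request_user_id: int  # stands in for bundle.request.user.pk

def edit_only_by_owner(bundle):
    """The ownership check the answer's authorization class performs: it
    trusts the owner field on the (already hydrated) object."""
    return bundle.obj.owner_id == bundle.request_user_id

def hydrate_owner(bundle):
    """The first answer's hydrate_owner: runs on PUT/PATCH as well as POST."""
    bundle.obj.owner_id = bundle.request_user_id
    return bundle

def update_with_hydrate_owner(book, data, requester_id):
    """Update path with the hydrate override in place: the check passes for
    any requester, because hydration rewrote the owner before it ran."""
    bundle = hydrate_owner(Bundle(book, data, requester_id))
    if not edit_only_by_owner(bundle):
        return "unauthorized"
    bundle.obj.title = bundle.data.get("title", bundle.obj.title)
    return "updated"

def update_without_hydrate_owner(book, data, requester_id):
    """Update path after moving the assignment into obj_create: the stored
    owner is compared to the requester and a stranger is rejected."""
    bundle = Bundle(book, data, requester_id)
    if not edit_only_by_owner(bundle):
        return "unauthorized"
    bundle.obj.title = bundle.data.get("title", bundle.obj.title)
    return "updated"

def obj_create(data, requester_id, next_pk):
    """The second answer's approach: the owner is set only when creating."""
    return Book(pk=next_pk, owner_id=requester_id, title=data["title"])
```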