现在,我可以成功地对补丁进行身份验证、获取和删除,这样只有对该对象具有访问权限的用户才能执行此操作。但我有一个简单的问题: -如何验证POST请求? 例如: 如果两个作者相同,则用户只能创建链接到文章的ArticleImage,因此如果用户1是所有者,则用户2无法向文章添加对象。 我们还要确保用户2不能以用户1的名义进行POST请求
Model.py
class Article(models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
author = models.ForeignKey(User,on_delete=models.CASCADE,related_name='articles')
caption = models.CharField(max_length=250)
class ArticleImage(models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
image = models.FileField(upload_to='images',null=True,blank=True, validators=[validate_file_extension])
article = models.ForeignKey(Article, on_delete=models.CASCADE,null=True,blank=True, related_name='articleimages')
author = models.ForeignKey(User,on_delete=models.CASCADE,related_name='articleimages')
View.py
class ArticleImageViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated,)
queryset = ArticleImage.objects.all()
serializer_class = ArticleImageSerializer
filter_backends = [ArticleFilterBackend]
Filter.py
class ArticleFilterBackend(filters.BaseFilterBackend):
def filter_queryset(self, request, queryset, view):
return queryset.filter(article__author=request.user)
更新:Serializer.py
class ArticleImageSerializer(serializers.ModelSerializer):
class Meta:
model = ArticleImage
fields = ('id','image','article')
class ArticleSerializer(serializers.ModelSerializer):
articleimages_set = ArticleImageSerializer(source='articleimages',required=False,many=True)
class Meta:
model = Article
fields = ('id','author','caption','articleimages_set')
更新2:
发布请求
'article':'articleid',
'image':'image.path',
标题
'Content-Type': 'application/json',"Authorization" : "Token $token"
它过去在没有def validate()
的情况下工作。
现在我得到'Article object (385395ec-dec8-472f-973f-b4f27755a658)” is not a valid UUID'.
您可以在序列化程序中执行以下操作:
在序列化程序中,您可以通过
self.context['request']
访问request
,这意味着您可以将文章的作者与当前用户进行比较,即self.context['request'].user
相关问题 更多 >
编程相关推荐