How do I authenticate POST requests with token authentication?

Posted 2024-03-29 13:28:41


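Right now I can successfully authenticate PATCH, GET and DELETE, so that only users who have access to the object can perform these operations. But I have a simple question: how do I authenticate a POST request?

For example: a user may only create an ArticleImage linked to an Article if both have the same author, so if user 1 is the owner, user 2 cannot add objects to the article. We also want to make sure that user 2 cannot make a POST request on behalf of user 1.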

Model.py

import uuid

from django.db import models

# User and validate_file_extension are defined elsewhere in the project (not shown).

class Article(models.Model):

    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    author = models.ForeignKey(User, on_delete=models.CASCADE, related_name='articles')
    caption = models.CharField(max_length=250)

class ArticleImage(models.Model):

    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    image = models.FileField(upload_to='images', null=True, blank=True, validators=[validate_file_extension])
    article = models.ForeignKey(Article, on_delete=models.CASCADE, null=True, blank=True, related_name='articleimages')
    author = models.ForeignKey(User, on_delete=models.CASCADE, related_name='articleimages')


View.py

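from rest_framework import viewsets
from rest_framework.permissions import IsAuthenticated

class ArticleImageViewSet(viewsets.ModelViewSet):
    permission_classes = (IsAuthenticated,)
    queryset = ArticleImage.objects.all()
    serializer_class = ArticleImageSerializer
    # Applied to the queryset for list/retrieve/update/delete; create does not use it
    filter_backends = [ArticleFilterBackend]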

Filter.py

from rest_framework import filters

class ArticleFilterBackend(filters.BaseFilterBackend):

    def filter_queryset(self, request, queryset, view):
        # Only images whose article is owned by the requesting user
        return queryset.filter(article__author=request.user)

Update: Serializer.py

from rest_framework import serializers

class ArticleImageSerializer(serializers.ModelSerializer):

    class Meta:
        model = ArticleImage
        fields = ('id', 'image', 'article')

class ArticleSerializer(serializers.ModelSerializer):
    # Nested, optional list of the article's images (reverse relation 'articleimages')
    articleimages_set = ArticleImageSerializer(source='articleimages', required=False, many=True)

    class Meta:
        model = Article
        fields = ('id', 'author', 'caption', 'articleimages_set')

Update 2:

POST request

'article':'articleid',
'image':'image.path',

Headers

'Content-Type': 'application/json',"Authorization" : "Token $token"

It used to work without def validate(). Now I get '“Article object (385395ec-dec8-472f-973f-b4f27755a658)” is not a valid UUID'.


1 answer
User
#1 · Posted 2024-03-29 13:28:41

You can do the following in the serializer:

from rest_framework import serializers
from rest_framework.exceptions import ValidationError


class ArticleImageSerializer(serializers.ModelSerializer):

    class Meta:
        model = ArticleImage
        fields = ('id', 'image', 'article')

    def validate(self, attrs):
        attrs = super().validate(attrs)
        # attrs['article'] is the resolved Article instance, not its id
        if attrs['article'].author != self.context['request'].user:
            raise ValidationError('Article does not belong to current user')
        return attrs

In the serializer you can access the request via self.context['request'], which means you can compare the article's author with the current user, i.e. self.context['request'].user.
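
The two rules from the question (only the article's owner may attach an image, and nobody may post under another user's name), written as a framework-free Python model of the create path. This is an added example, not code from the question or the answer; `TOKENS`, `ARTICLES`, `authenticate` and `create_article_image` are hypothetical names and all data is constructed.

```python
import uuid

# Constructed sample data: token -> user, article id -> owner.
TOKENS = {"tok-user1": "user1", "tok-user2": "user2"}
ARTICLE_ID = uuid.UUID("11111111-1111-1111-1111-111111111111")
ARTICLES = {ARTICLE_ID: {"author": "user1"}}
IMAGES = []  # ArticleImage rows created so far


def authenticate(headers):
    """Map an 'Authorization: Token <key>' header to a user, or None."""
    scheme, _, key = headers.get("Authorization", "").partition(" ")
    if scheme != "Token":
        return None
    return TOKENS.get(key.strip())


def create_article_image(headers, body):
    """Return (status, payload) for a POST that creates an ArticleImage."""
    user = authenticate(headers)
    if user is None:
        return 401, {"detail": "Invalid or missing token"}
    try:
        article_id = uuid.UUID(str(body.get("article")))
    except ValueError:
        return 400, {"article": "Not a valid UUID"}
    article = ARTICLES.get(article_id)
    # Same response for "no such article" and "not your article",
    # so the reply does not confirm which ids exist.
    if article is None or article["author"] != user:
        return 400, {"article": "Article does not belong to current user"}
    # The author is taken from the token; any 'author' in the body is ignored.
    row = {"id": uuid.uuid4(), "article": article_id,
           "image": body.get("image"), "author": user}
    IMAGES.append(row)
    return 201, row
```

In Django REST framework the ownership check corresponds to the answer's `validate()`, and the author is fixed server-side by passing `author=self.request.user` to `serializer.save()` in the viewset's `perform_create`.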
