how to save foreign keys using django-rest-framework - django

I'm new to Django and I'm trying to save Unit and current_user foreign keys in the database based pk obtained but every time I try doing so but run into two types of error serializers.is_valid() raises an exception error or the serializer returns "Invalid data. Expected a dictionary, but got Unit."
I have tried a very very ugly way of bypassing serializers by getting rid but i get ee8452a4-2a82-4804-a010-cf2f5a41e006 must be an instance of SavedUnit.unit.I have also tried saving the foreign key directly using SavedUnit.objects.create() without luck
model.py
class SavedUnit(models.Model):
"""
Saving units for later models
relationship with units and users
"""
id = models.UUIDField(primary_key=True, default=hex_uuid, editable=False)
unit = models.ForeignKey(Unit, on_delete=models.CASCADE)
user = models.ForeignKey('accounts.User', on_delete=models.CASCADE, related_name='user')
published_at = models.DateTimeField(auto_now_add=True)
serializers.py
class SavedSerializer(serializers.ModelSerializer):
unit = UnitSerializer()
class Meta:
model = SavedUnit
fields = [
'id',
'unit'
]
views.py
class SavedUnitView(APIView):
"""
Query all the unites saved
"""
#staticmethod
def get_unit(request, pk):
try:
return Unit.objects.get(pk=pk)
except Unit.DoesNotExist:
return Response(status=status.HTTP_400_BAD_REQUEST)
#staticmethod
def post(request, pk):
if request.user.is_authenticated:
unit = get_object_or_404(Unit, id=pk)
serializers = SavedSerializer(data=unit)
if serializers.is_valid(raise_exception=True):
created = SavedUnit.objects.get_or_create(
user=request.user,
unit=unit)
return Response(status=status.HTTP_201_CREATED)
return Response(status=status.HTTP_401_UNAUTHORIZED)
def get(self, request):
units = SavedUnit.objects.filter(user=self.request.user.id)
try:
serializers = SavedSerializer(units, many=True)
return Response(serializers.data, status=status.HTTP_200_OK)
except Unit.DoesNotExist:
return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)

Your code is using serializer only for validation, but it is possible use it to insert or update new objects on database calling serializer.save().
To save foreign keys using django-rest-framework you must put a related field on serializer to deal with it. Use PrimaryKeyRelatedField.
serializers.py
class SavedSerializer(serializers.ModelSerializer):
unit_id = serializers.PrimaryKeyRelatedField(
source='unit',
queryset=Unit.objects.all()
)
unit = UnitSerializer(read_only=True)
class Meta:
model = SavedUnit
fields = [
'id',
'unit_id',
'unit'
]
views.py
class SavedUnitView(APIView):
permission_classes = (permissions.IsAuthenticated,) # For not handling authorization mannually
def post(request):
serializer = SavedSerializer(data=request.data)
serializer.is_valid(raise_exception=True) # Trigger Bad Request if errors exist
serializer.save(user=request.user) # Passing the current user
return Response(serializer.data, status=status.HTTP_201_CREATED)
Now, the id of the unit will be passed in the request body like this
POST /saved-units/
Accept: application/json
Content-Type: application/json
Authorization: Token your-api-token
{
"unit_id": 5 # Id of an existing Unit
}

Actually the problem is here:
def post(request, pk):
if request.user.is_authenticated:
unit = get_object_or_404(Unit, id=pk)
serializers = SavedSerializer(data=unit) <-- Here
You are passing a unit instance, but it should be request.data, like this:
serializers = SavedSerializer(data=request.data)
( I am unsure about what you are doing, if you already have PK, then why are you even using serializer? because you don't need it as you already have the unit, and you can access current user from request.user, which you are already doing. And I don't think you should use #staticmethod, you can declare the post method like this: def post(self, request, pk) and remove static method decorator)

Related

How can I add a related field to serializer instance?

I have the following model + serializer where I send a post request to create a new model instance. The user sending the post request is related to a Company which I want to pass as related model instance to the serializer.
But how to actually define this instance and attach it to the serializer instance within the post view?
# views.py
class OfferList(APIView):
"""
List all Offers or create a new Offer related to the authenticated user
"""
def get(self, request):
offers = Offer.objects.filter(company__userprofile__user=request.user)
serializer = OfferSerializer(offers, many=True)
return Response(serializer.data)
def post(self, request):
serializer = OfferSerializer(data=request.data)
# Add related company instance
company = Company.objects.get(userprofile__user=request.user)
serializer['company'] = company # this doesn't work
if serializer.is_valid():
serializer.save()
return Response(serializer.data,
status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
# offer/models.py
class Offer(models.Model):
"""
A table to store Offer instances
"""
# Relations
company = models.ForeignKey(Company, on_delete=models.CASCADE)
..
# serializers.py
class OfferSerializer(serializers.ModelSerializer):
class Meta:
model = Offer
fields = '__all__'
user/models.py
class UserProfile(models.Model):
"""
Extends Base User via 1-1 for profile information
"""
# Relations
user = models.OneToOneField(User, on_delete=models.CASCADE)
company = models.ForeignKey(Company, on_delete=models.CASCADE, null=True)
One simple way is to pass your company instance through your serializer. So maybe changing your post method to something like:
from rest_framework.generics import get_object_or_404
def post(self, request):
serializer = OfferSerializer(data=request.data)
# Add related company instance
if serializer.is_valid():
company = get_object_or_404(Company, userprofile__user=request.user) # raising 404 exception if related company does not exist,
# and you're sure that there is one and only one company for this user not more!
serializer.save(company=company)
return Response(serializer.data,
status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
and then change your serializer fields to exclude company field from them (because you are already sending this data through your serializer):
class OfferSerializer(serializers.ModelSerializer):
class Meta:
model = Offer
fields = ["some_field", "other_field"] # Do not include company in your fields.
# also note that since I didn't know your Offer's fields I used ["some_field", "other_field"] for fields
hope this solves your problem.
Hmm, I think the use of the context for serializers will be a nice way to solve your case.
# serializers.py
class OfferSerializer(serializers.ModelSerializer):
class Meta:
model = Offer
# now that we do not want company from the request body
exclude = ["company"]
def create(self, validated_data):
# add company to the validated data from the context
# we can feed the context from the APIView
validated_data["company"] = self.context.get("company", None)
...
return super().create(validated_data)
# views.py
class OfferList(APIView):
def post(self, request):
# imo, we do not have to query for UserProfile
# if the company is assigned to the UserProfile instance for the requestor
# then, one2one relation can give us this
context = {"company": request.user.userprofile.company}
serializer = OfferSerializer(data=request.data, context=context)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Configure Django Rest Framework to populate user field with logged in user before serializer validation

I have an API endpoint that supports the POST method which works if I include the user in the request payload.
I would like to eliminate this from the request payload and have DRF just use the logged in user.
I am getting the following error when I omit the user from the request body:
HTTP 400 Bad Request
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"user": [
"This field is required."
]
}
This appears to be coming from when the framework calls serializer.is_valid().
How do I configure DRF to populate the user from request.user so that serializer validation doesn't fail?
models.py
class Task(models.Model):
created = models.DateTimeField(auto_now_add=True)
user = models.ForeignKey(CustomUser, on_delete=models.CASCADE)
domain = models.CharField(max_length=settings.MAX_CHAR_COUNT)
serializers
class TaskSerializer(serializers.HyperlinkedModelSerializer):
user = serializers.SlugRelatedField(queryset=CustomUser.objects.all(), slug_field='email')
class Meta:
model = Task
fields = ['id', 'created', 'domain', 'user']
views.py
class TaskApiViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAuthenticated,]
serializer_class = TaskSerializer
task_service = TaskService()
"""
GET /api/tasks
"""
def get_queryset(self):
user = self.request.user
if user.is_superuser:
return Task.objects.all()
return Task.objects.filter(user=self.request.user)
"""
POST /api/tasks
"""
def create(self, request):
domain = request.data['domain']
can_create_task = self.task_service.can_create_task(user=request.user, domain_name=domain)
if not can_create_task:
raise PermissionDenied(code=None, detail=None)
return super().create(request)
The correct method of doing this, according to Django Rest Framework, is to override the perform_create() method in your ViewSet, which is responsible of creating an instance of a model using a serializer. You can pass additional data to the serializer:
def perform_create(self, serializer):
serializer.save(user=self.request.user)
The original definition of the perform_create() method can be found here.
You might need to completely override your ViewSet's create() method to be able to pass a modified dict to the serializer. You can just copy the original definition
Afterwards you can add the user to the request data by making a copy, modifying it, and passing it to the serializer:
def create(self, request, *args, **kwargs):
user_id = self.request.user.id
domain = request.data['domain']
new_data = request.data.copy()
new_data.update({"user": user_id})
can_create_task = self.task_service.can_create_task(user=request.user, domain_name=domain)
if not can_create_task:
raise PermissionDenied(code=None, detail=None)
# original definition of create() with new_data
serializer = self.get_serializer(data=new_data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
A simple solution to your problem would be using the "extra_kwargs" field inside your Meta class,for your case it would be something like this:
class Meta:
model = Task
fields = ['id', 'created', 'domain']
extra_kwargs = {'user': {'default': serializers.CurrentUserDefault()}}

Django rest framework "Var must be a User Instance" vs "Object of type 'type' is not JSON serializable"

I'm trying to serialize a model having a foreign key "User".
The concerned view snippet is:
data = JSONParser().parse(request)
serializer = SiteSerializer(data=data)
if serializer.is_valid():
userid = data['supervisor']
user = User.objects.get(id=userid).__dict__ ## tried case I
user = User.objects.get(id=userid) ## tried case II
serializer.save(supervisor=user)
return JsonResponse(serializer.data, status=201)
The serializer is as :
class SiteSerializer(serializers.ModelSerializer):
supervisor = serializers.RelatedField(source='User', read_only=True)
class Meta:
model = Site
fields = ('sitename', 'start_date', 'supervisor')
The model is :
class Site(models.Model):
sitename=models.CharField(max_length=255)
start_date=models.DateTimeField
supervisor=models.ForeignKey(User,on_delete=models.PROTECT)
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True)
def __str__(self):
return "{}".format(self.sitename)
When I pass supervisor object it says that object of type "Type" is not serializable and when I pass supervisor as dictionary it says that the dict variable supervisor must be a User instance.
How do I sort this out and proceed??
DRF handles most of the data parsing itself and the parsed data can be found in request.data attribute.
# serializers.py
class SiteSerializer(serializers.ModelSerializer):
supervisor = serializers.RelatedField(read_only=True) # remove "source argument "
class Meta:
model = Site
fields = ('sitename', 'start_date', 'supervisor')
#views.py
from rest_framework.response import Response # use DRF's response class
class Foo(APIView):
...
def post(self, request, *args, **kwargs):
serializer = SiteSerializer(data=request.data) # use "request.data"
if serializer.is_valid():
serializer.save(supervisor=request.user) # pass user instance directly to the serializer/model saving flow using "request.user"
return Response(serializer.data)
else:
return Response(serializer.errors) # show validation errors if any

django rest add data to serializer when saving

I want to do the following:
models.py
class MyModel(TimeStampedModel, models.Model):
name = models.CharField(max_length=100)
owner = models.ForeignKey(settings.AUTH_USER_MODEL)
serializers.py
class MyModelSerializerCreate(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = (
'name',
)
And I would like to add as owner the current user in request.user.
Currently I am adding this in my view directly by uptading request.data with user and then pass the updated data to my serializer.
data = request.data
# Add owner to data
data["owner"] = request.user.pk
serializer = self.get_serializer(data=data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
I would like to do this in my serializer directly but can't find a way to properly do it because it looks like data validation to me. Is this a good idea ? Should I keep this logic in my views or move it to my serializer ?
You can get a user from serializer context:
self.context['request'].user
It is passed from a method get_serializer_context which originally created in a GenericAPIView:
class GenericAPIView(APIView):
....
def get_serializer_context(self):
"""
Extra context provided to the serializer class.
"""
return {
'request': self.request,
'format': self.format_kwarg,
'view': self
}
Inside a serializer you need to override a create method:
class MyModelSerializerCreate(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = ('name', )
def create(self, validated_data):
validated_data['owner'] = self.context['request'].user
return super(MyModelSerializerCreate, self).create(validated_data)
You could also override an update and delete methods if you need some special interactions with the User model.
Unfortunatly I dont have the reputation points to comment on #ivan-Semochkin post above, but should the last line not be:
return super(MyModelSerializerCreate, self).create(validated_data)
The solution from Ivan Semochkin did not work for me, as it never entered into the create() method of the serializer. As request.data field is immutable, you need to copy it and then extend it.
from django.http import HttpRequest
from rest_framework.request import Request
class MyModelViewSet(ModelViewSet):
def _extend_request(self, request):
data = request.POST.copy()
data['owner'] = request.user
request_extended = Request(HttpRequest())
request_extended._full_data = data
def create(self, request, *args, **kwargs):
request_extended = self._extend_request(request)
return super().create(request_extended, *args, **kwargs)

Django Rest Framework return nested object using PrimaryKeyRelatedField

I am using DRF to expose some API endpoints.
# models.py
class Project(models.Model):
...
assigned_to = models.ManyToManyField(
User, default=None, blank=True, null=True
)
# serializers.py
class ProjectSerializer(serializers.ModelSerializer):
assigned_to = serializers.PrimaryKeyRelatedField(
queryset=User.objects.all(), required=False, many=True)
class Meta:
model = Project
fields = ('id', 'title', 'created_by', 'assigned_to')
# view.py
class ProjectList(generics.ListCreateAPIView):
mode = Project
serializer_class = ProjectSerializer
filter_fields = ('title',)
def post(self, request, format=None):
# get a list of user.id of assigned_to users
assigned_to = [x.get('id') for x in request.DATA.get('assigned_to')]
# create a new project serilaizer
serializer = ProjectSerializer(data={
"title": request.DATA.get('title'),
"created_by": request.user.pk,
"assigned_to": assigned_to,
})
if serializer.is_valid():
serializer.save()
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
return Response(serializer.data, status=status.HTTP_201_CREATED)
This all works fine, and I can POST a list of ids for the assigned to field. However, to make this function I had to use PrimaryKeyRelatedField instead of RelatedField. This means that when I do a GET then I only receive the primary keys of the user in the assigned_to field. Is there some way to maintain the current behavior for POST but return the serialized User details for the assigned_to field?
I recently solved this with a subclassed PrimaryKeyRelatedField() which uses the id for input to set the value, but returns a nested value using serializers. Now this may not be 100% what was requested here. The POST, PUT, and PATCH responses will also include the nested representation whereas the question does specify that POST behave exactly as it does with a PrimaryKeyRelatedField.
https://gist.github.com/jmichalicek/f841110a9aa6dbb6f781
class PrimaryKeyInObjectOutRelatedField(PrimaryKeyRelatedField):
"""
Django Rest Framework RelatedField which takes the primary key as input to allow setting relations,
but takes an optional `output_serializer_class` parameter, which if specified, will be used to
serialize the data in responses.
Usage:
class MyModelSerializer(serializers.ModelSerializer):
related_model = PrimaryKeyInObjectOutRelatedField(
queryset=MyOtherModel.objects.all(), output_serializer_class=MyOtherModelSerializer)
class Meta:
model = MyModel
fields = ('related_model', 'id', 'foo', 'bar')
"""
def __init__(self, **kwargs):
self._output_serializer_class = kwargs.pop('output_serializer_class', None)
super(PrimaryKeyInObjectOutRelatedField, self).__init__(**kwargs)
def use_pk_only_optimization(self):
return not bool(self._output_serializer_class)
def to_representation(self, obj):
if self._output_serializer_class:
data = self._output_serializer_class(obj).data
else:
data = super(PrimaryKeyInObjectOutRelatedField, self).to_representation(obj)
return data
You'll need to use a different serializer for POST and GET in that case.
Take a look into overriding the get_serializer_class() method on the view, and switching the serializer that's returned depending on self.request.method.