We have an APIView (FooView) that can be accessed directly through a URL.
We have another APIView APIKeyImportView that will reuse FooView depending of file name (it is done this way for compatibility with an API).
However when request.FILES is accessed from APIKeyImportView to look at the file names, request.FILES becomes empty in FooView.
It appears that accessing request.FILES will makes it un-useable by the nested view.
Is there a way around this?
class FooView(APIView):
permission_classes = (permissions.IsAuthenticated,)
def post(self, request, vendor):
file = request.FILES.get('file')
if not file:
return Response(status=status.HTTP_400_BAD_REQUEST)
return Response()
class APIKeyImportView(APIView):
permission_classes = (permissions.IsAuthenticated,)
authentication_classes = (ApiKeyAuthentication,)
def post(self, request):
file = request.FILES.get('file')
if not file:
return Response(status=status.HTTP_400_BAD_REQUEST)
name = file.name
if name.startswith('FOO'):
return FooView.as_view()(request=request)
else:
return Response(status=status.HTTP_400_BAD_REQUEST)
Removing the validation on request.Files in APIKeyImportView will make it accessible in FooView but it kinds of miss the point.
Inspecting request in PyCharm will also make it un-useable in FooView since the debugger will call the properties.
class APIKeyImportView(APIView):
permission_classes = (permissions.IsAuthenticated,)
authentication_classes = (ApiKeyAuthentication,)
def post(self, request):
return FooView.as_view()(request=request)
These solutions are not working:
django modifying the request object
Tested on the following versions:
Django 1.9.5
django-rest-framework 3.3.3
Python 3.4.2
A workaround I found was to pass request.FILES but I am not sure if it has side effects
class FooView(APIView):
permission_classes = (permissions.IsAuthenticated,)
_files = None
#property
def request_files(self):
if self._files:
return self._files
return self.request.FILES
def post(self, request, vendor):
file = self.request_files.get('file')
if not file:
return Response(status=status.HTTP_400_BAD_REQUEST)
return Response()
class APIKeyImportView(APIView):
permission_classes = (permissions.IsAuthenticated,)
authentication_classes = (ApiKeyAuthentication,)
def post(self, request):
file = request.FILES.get('file')
if not file:
return Response(status=status.HTTP_400_BAD_REQUEST)
name = file.name
if name.startswith('FOO'):
# Passing FILES here
return FooView.as_view(_files=request.FILES)(request=request)
else:
return Response(status=status.HTTP_400_BAD_REQUEST)
Related
I know that there is something wrong with my urls. But I'm unable to figure it out.
models.py
class Restaraunt(models.Model):
name=models.CharField(max_length=50,blank=True,null=True)
class Schedule(models.Model):
restaraunt=models.ForeignKey(Restaraunt, on_delete=models.CASCADE,related_name='restaraunt_name')
#days=models.CharField(choices=DAYS,max_length=255)
opening_time=models.TimeField(auto_now=False,auto_now_add=False)
closing_time=models.TimeField(auto_now=False,auto_now_add=False)
def __str__(self):
return str(self.restaraunt)
class Restarasunt(viewsets.ViewSet):
def create(self,request):
try:
name=request.data.get('name')
if not name:
return Response({"message": "name is rerquired!","success":False},
status=status.HTTP_200_OK )
res_obj=Restaraunt()
res_obj.name=name
print(res_obj.name)
res_obj.save()
return Response("Restaurant addedd successfully")
except Exception as error:
traceback.print_exc()
return Response({"message":str(error),"success":False},status = status.HTTP_200_OK)
class ScheduleViewSet(viewsets.ViewSet):
def create(self,request,pk):
try:
res_obj=Restaraunt.objects.filter(pk=pk)
print('hie',res_obj)
data=request.data
opening_time=data.get('opening_time')
closing_time=data.get('closing_time')
sce_obj=Schedule()
sce_obj.opening_time=opening_time
sce_obj.closing_time=closing_time
sce_obj.restaraunt=res_obj
sce_obj.save()
return Response("")
except Exception as error:
traceback.print_exc()
return Response({"message":str(error),"success":False},status = status.HTTP_200_OK)
URLS.PY
from rest_framework.routers import DefaultRouter
from auth1 import views
router=DefaultRouter()
router.register(r'retaraunt', views.Restarasunt, basename='Restarasunt')
router.register(r'Timings', views.ScheduleViewSet, basename='ScheduleViewSet')
urlpatterns = router.urls
As showed in the documentation you need to add retrieve method for your class
class UserViewSet(viewsets.ViewSet):
"""
A simple ViewSet for listing or retrieving users.
"""
def list(self, request):
queryset = User.objects.all()
serializer = UserSerializer(queryset, many=True)
return Response(serializer.data)
def retrieve(self, request, pk=None):
queryset = User.objects.all()
user = get_object_or_404(queryset, pk=pk)
serializer = UserSerializer(user)
return Response(serializer.data)
I don't think that the create view is meant to be used with "pk". Can you try getting the "pk" value from request.data and use it to get the Restaraunt object
I need to check different types of permissions for different types of actions from request user. For example get permission only need [IsAuthenticated] but when user request perform_create method. I want to implement another permission that is CanCreateProject
permissions.py
class CanCreateProject(permissions.BasePermission):
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
return True
else:
return request.user.profile_limitation.can_create_project
views.py
class ProjectView(ModelViewSet):
serializer_class = ProjectSerializer
permission_classes = [IsAuthenticated]
def get_queryset(self):
queryset = Project.objects.all()
organization = self.request.user.organization
query_set = queryset.filter(organization=organization)
return query_set
def perform_create(self, serializer):
self.permission_classes = [CanCreateProject] ## here
project = self.request.data["project_name"]
path = self.request.data["project_name"]
organization = self.request.data["organization"]
serializer.save(project_name=project, project_path=path, organization=organization)
How can I run the CanCreateProject method only for perform_create method is requested.
Override the get_permissions(...) method
class ProjectView(ModelViewSet):
serializer_class = ProjectSerializer
permission_classes = [IsAuthenticated]
def get_queryset(self):
queryset = Project.objects.all()
organization = self.request.user.organization
query_set = queryset.filter(organization=organization)
return query_set
def get_permissions(self):
if self.action == 'create':
composed_perm = IsAuthenticated & CanCreateProject
return [composed_perm()]
return super().get_permissions()
# def perform_create(self, serializer):
# self.permission_classes = [CanCreateProject] ## here
#
# project = self.request.data["project_name"]
# path = self.request.data["project_name"]
# organization = self.request.data["organization"]
# serializer.save(project_name=project, project_path=path,
# organization=organization)
Notes:
You really don't need to use perform_create(...) method here
a possible dup: DRF Viewset remove permission for detail route
Update-1
You should implement the has_permission(..) method of the Permission class, not has_object_permission(...) method
from rest_framework import permissions
class CanCreateProject(permissions.BasePermission):
def has_permission(self, request, view):
if request.user.is_superuser:
return True
else:
return request.user.profile_limitation.can_create_project
I have two separate methods:
to load and validate a csv file FileUploadView(APIView) [PUT]
to add new objects to the database based on their uploaded file data
CsvToDatabase [POST]
For this purpose, 2 different url addresses are used
Now I want to combine this functionality into one, so that the file is loaded with processing and creation of instances in the database is done on a single request. That is, the final goal - the application user sends the file to the server and then everything happens automatically.
file upload
class FileUploadView(APIView):
parser_classes = (MultiPartParser, FormParser)
permission_classes = (permissions.AllowAny,)
def put(self, request, format=None):
if 'file' not in request.data:
raise ParseError("Empty content")
f = request.data['file']
filename = f.name
if filename.endswith('.csv'):
file = default_storage.save(filename, f)
r = csv_file_parser(file)
status = 204
print(json.dumps(r))
else:
status = 406
r = "File format error"
return Response(r, status=status)
create instances
class CsvToDatabase(APIView):
permission_classes = (permissions.AllowAny,)
serializer_class = VendorsCsvSerializer
def post(self, request, format=None):
r_data = request.data
...
#some logic
...
serializer = VendorsCsvSerializer(data=data)
try:
serializer.is_valid(raise_exception=True)
serializer.save()
except ValidationError:
return Response({"errors": (serializer.errors,)},
status=status.HTTP_400_BAD_REQUEST)
else:
return Response(request.data, status=status.HTTP_200_OK)
how can I correctly combine two methods in one endpoint so that if csv file validation is successful, the POST method will be called? Or maybe it's better to leave two different urls and send the json received after parsing the .csv file to the url with the POST method? This option seems to me easier to test. but how do I do it?
Thanks!
I solved it this way
class FileUploadView(APIView):
parser_classes = (MultiPartParser, FormParser)
# renderer_classes = [JSONRenderer]
permission_classes = (permissions.AllowAny,)
serializer_class = VendorsCsvSerializer
def put(self, request, format=None):
if 'file' not in request.data:
raise ParseError("Empty content")
f = request.data['file']
filename = f.name
if filename.endswith('.csv'):
file = default_storage.save(filename, f)
r = csv_file_parser(file)
status = 204
response = Response(r)
self.post(request=response)
else:
status = 406
r = "File format error"
return Response(r, status=status)
def post(self, request, format=None):
r_data = request.data
....
serializer = VendorsCsvSerializer(data=data)
try:
serializer.is_valid(raise_exception=True)
serializer.save()
except ValidationError:
return Response({"errors": (serializer.errors,)},
status=status.HTTP_400_BAD_REQUEST)
else:
return Response(request.data, status=status.HTTP_200_OK)
I hope this is the right way
This is my question asked 2 days back. I used Louis Barranqueiro's answer to solve my problem.
Now I want to add current page number as well as page_size in the serialized data. I know I have to customize the get_paginated_response method in PageNumberPagination class, but when I do that I get this error:
My code
def get_paginated_response(self, data, request):
# import pdb
# pdb.set_trace()
return Response(OrderedDict([
('next', self.get_next_link()),
('current', self.get_current_link()),
('previous', self.get_previous_link()),
('results', data)
]))
def get_queryset(self, request):
product_sync_ts = self.request.GET.get('product_sync_ts', None)
if product_sync_ts:
product = Product.objects.filter(....)
)
# return self.get_paginated_response(product, self.request)
return Response(product)
else:
content = {'details': "Bad Request"}
raise APIException400(request, content)
def get(self, request, format=None):
products = self.get_queryset(request)
serializer = SyncedProductSerializer(instance={'products': products})
# product = self.paginate_queryset(serializer, request)
return self.get_paginated_response(serializer, request)
# return self.get_paginated_response(serializer.data, request)
Error:
File "/Users/Documents/content-api/venv/lib/python2.7/site-packages/rest_framework/pagination.py", line 242, in get_next_link
if not self.page.has_next()
AttributeError: 'PaginatedProductList' object has no attribute 'page'
Some one might wanna try:
REST_FRAMEWORK = {
'PAGE_SIZE': 20,
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',}
on settings.py
with a view like
class GeneralManagementAPIView(generics.ListAPIView):
queryset = GeneralManagements.objects.all()
permission_classes = (IsAuthenticatedOrReadOnly,)
renderer_classes = (GeneralManagementJSONRenderer,)
serializer_class = GeneralManagementSerializer
def get_queryset(self):
return GeneralManagements.objects.all()
def list(self, request):
queryset = self.get_queryset()
page = self.paginate_queryset(queryset)
print("request ", request)
serializer_context = {'request': request}
serializer = self.serializer_class(
page, context=serializer_context, many=True
)
print("serializer ", serializer, "serializer.data", serializer.data )
return self.get_paginated_response(serializer.data)
You should call paginate_queryset before calling get_paginated_response
Note that the paginate_queryset method may set state on the pagination instance, that may later be used by the get_paginated_response method.
https://www.django-rest-framework.org/api-guide/pagination/
I am just adding my answer to help other users with the same problem they are facing.
Adding to the above statement, it also has a solution to your question in a simpler way.
Just pass PageNumberPagination and add request in self.paginate_queryset method.
class PaginatedProductList(APIView, PageNumberPagination):
def get(self, request):
products = Product.objects.filter(....)
return self.paginate_queryset(products, request)
So finally I found out how to solve this problem..
Below is the code(Simple and silly mistakes that I was doing)
class PaginatedProductList(APIView, PageNumberPagination):
page_size = 1000 #---crucial line
max_page_size = 1000
def get_paginated_response(self, data, page, page_num):
return Response(OrderedDict([
('count', self.page.paginator.count),
('current', page),
('next', self.get_next_link()),
('previous', self.get_previous_link()),
('page_size', page_num),
('results', data)
]))
def get_queryset(self, request):
product_sync_ts = self.request.GET.get('product_sync_ts', None)
if product_sync_ts:
product = Product.objects.filter(...)
)
return self.paginate_queryset(product, self.request)
raise APIException400(request, {'details': "Bad Request"})
def get(self, request):
page = self.request.GET.get('page', 1)
page_size = self.request.GET.get('page_size', 1000)
products = self.get_queryset(request)
serializer = SyncedProductSerializer(instance={'products': products})
return self.get_paginated_response(serializer.data, page, page_size)
Other than inheriting PageNumberPagination class in view, try defining your pagination class outside your view(as a separate class) inheriting from PageNumberPagination. and mention that class name as pagination class = YourClassName. inside your view
class PaginationClass(PageNumberPagination):
page_size = 2
and in view,
class GeneralManagementAPIView(generics.ListAPIView):
pagination_class = PaginationClass
I am trying to build an API view, to handle user management using django rest framework version 2.3.10 with django 1.6. I tried to build a ModelViewSet which based on the URL pk value it would return either current user or public user.
I tried to add a dispatch function which will assigned pk to current user, but it seems like this function is running too soon that its always seeing the user as anonymous
class UserViewSet(viewsets.ModelViewSet):
"""
"""
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = (IsOwnerOrCreateOnly, )
def dispatch(self, request, *args, **kwargs):
if kwargs.get('pk') == 'current' and not request.user.is_anonymous():
kwargs['pk'] = request.user.pk
resp = super(CurrentUserViewSet, self).dispatch(request, *args, **kwargs)
return resp
I tried to do the below, which works
class UserViewSet(viewsets.ModelViewSet):
"""
"""
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = (IsOwnerOrCreateOnly, )
def retrieve(self, request, *args, **kwargs):
if self.kwargs.get('pk') == u'current' and not request.user.is_anonymous():
self.kwargs['pk'] = request.user.pk
return super(CurrentUserViewSet, self).retrieve(request, *args, **kwargs)
but, I don't want to override each and every function on several ModelViewSet classes I have, so, is there a way to use something similar to the dispatcher whereby I can check if the pk is equal to "current" and then assign current user to it?
Another question, how can I change the returned fields programmatically? for example when querying current user I want to include the first and last name from the user model, but when querying by primary key, I want first and last name to not return as response? any suggestions on how todo that?
I got the same problem I solved it by using method "initial" instead of "dispatch"
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = (IsOwnerOrCreateOnly, )
def initial(self, request, *args, **kwargs):
# logic - code #
if kwargs.get('pk') == 'current' and not request.user.is_anonymous():
kwargs['pk'] = request.user.pk
# end #
resp = super(CurrentUserViewSet, self).initial(request, *args, **kwargs)
return resp
see " dispatch "
method in https://github.com/tomchristie/django-rest-framework/blob/master/rest_framework/views.py
for better understanding.
Override viewsets.ModelViewSet class with your pk check implementation and use that new class, something like this:
class GenericUserViewSet(viewsets.ModelViewSet):
def retrieve(self, request, *args, **kwargs):
if self.kwargs.get('pk') == u'current' and not request.user.is_anonymous():
self.kwargs['pk'] = request.user.pk
return super(CurrentUserViewSet, self).retrieve(request, *args, **kwargs)
class UserViewSet(GenericUserViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
permission_classes = (IsOwnerOrCreateOnly, )
And for the second question, perhaps creating two serializers (public and current) and changing serializer_class to either one of them in init of GenericUserViewSet may do the trick, I haven't tested this but it's an idea:
class GenericUserViewSet(viewsets.ModelViewSet):
def __init__(self, *args, **kwargs):
if self.kwargs.get('pk') == u'current' and not request.user.is_anonymous():
self.serializer_class = UserSerializer
else:
self.serializer_class = PublicUserSerializer
super(GenericUserViewSet, self).__init__(*args, **kwargs)
I'm assuming that you want to save the current user to your DB model, yes?
If so this should be fairly easy to fix, just add this method to your views:
def pre_save(self, obj):
obj.user = self.request.user
This will execute just before the model is saved. I use this all the time and it works great.
The other thing you can do is write a mixin class in a generic way that does want you want then inherit it in each of the views you need it in. Assuming that is that you have a solution that works, but just don't want to mimic you code all over the place.