I want users to be able to update only one specific field. For example:
models.py
class Snippet(models.Model):
created = models.DateTimeField(auto_now_add=True)
title = models.CharField(max_length=100, blank=True, default='')
code = models.TextField()
linenos = models.BooleanField(default=False)
language = models.CharField(choices=LANGUAGE_CHOICES, default='python', max_length=100)
style = models.CharField(choices=STYLE_CHOICES, default='friendly', max_length=100)
class Meta:
ordering = ('created',)
serializer.py
class SnippetSerializer(serializers.ModelSerializer):
class Meta:
model = Snippet
fields = ('id', 'title', 'code', 'linenos', 'language', 'style')
views.py
class SnippetList(generics.ListCreateAPIView):
queryset = Snippet.objects.all()
serializer_class = SnippetSerializer
class SnippetDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = Snippet.objects.all()
serializer_class = SnippetSerializer
Once the Snippet is created, the user should only be able to update title field.
I know I can achieve that by something like this:
serializers.py
def update(self, instance, validated_data):
"""
Update and return an existing `Snippet` instance, given the validated data.
"""
instance.title = validated_data.get('title', instance.title)
instance.save()
return instance
In serializer class. But I want to know, is there a way that browsable API show only title field in edit form? And also skip validation for fields that are not required?
Django REST Framework provides the read_only and write_only attributes for controlling what is used for editing and what is not.
serializers.py
class SnippetSerializer(serializers.ModelSerializer):
class Meta:
model = Snippet
fields = ('id', 'title', 'code', 'linenos', 'language', 'style')
extra_kwargs = {
'id': {'read_only': True},
'code': {'read_only': True},
'lineos': {'read_only': True},
'language': {'read_only': True},
'style': {'read_only': True}
}
The above will return all the fields on read requests but only title will be writable.
You can find more at the official documentation:
http://www.django-rest-framework.org/api-guide/serializers/#specifying-read-only-fields
While #petkostas answer is correct, it doesn't give you a full picture of how to achieve it.
First, Create a new serializer; let's call it SnippetUpdateSerializer
Now, you may have custom serializer fields like serializers.MethodFieldSerializer that you would have defined in SnipperSerializer; which you may not want to write again in your new serializer. A good approach is to use inheritance.
Taking the example from the question
class SnippetUpdateSerializer(SnippetSerializer): #<- pay attention here
class Meta(SnippetSerializer.Meta): # <- pay attention here
SnippetSerializer.Meta.extra_kwargs.update({ # update the dictionary
'id': {'read_only': True},
'code': {'read_only': True}, # you can also use {write_only: True} if you want this to be write only
'lineos': {'read_only': True},
'language': {'read_only': True},
'style': {'read_only': True}
}) # you may completely override by just using extra_kwargs, instead of SnippetSerializer.Meta.extra_kwargs
Now in your SnippetUpdateView, use the above serializer.
If you are using class based views then set serializer_class = SnippetUpdateSerializer
Another approach is to return bad request, from your update view if the user requests contain read_only fields. (not recommended)
Related
I've looked extensively on here and probably exhausted all the answers and still haven't found a solution to my particular problem, which is to make an API that update/delete from both models, and I am getting the following error:
The .update()method does not support writable nested fields by default. Write an explicit.update()method for serializeruser_profile.serializers.UserSerializer, or set read_only=True on nested serializer fields.
In this particular instance this happens when I try to update a field from the user_profile model
I have separated my Django project into several apps/folders with each model being in its own folder.
I have a user app and a user_profile app each with their own models.
the user model is basically an AbstractUser sitting in its own app
the user_profile model is as follows:
class UserProfile(models.Model):
user = models.OneToOneField(to=User, on_delete=models.CASCADE, related_name='userprofile')
location = models.CharField(blank=True, max_length=30)
created_time = models.DateTimeField(auto_now_add=True)
updated_time = models.DateTimeField(auto_now=True)
The serializers are as follows:
class UserProfileCrudSerializer(serializers.ModelSerializer):
class Meta:
model = UserProfile
fields = ('location', 'created_time', 'updated_time')
class UserSerializer(serializers.ModelSerializer):
profile = UserProfileCrudSerializer(source='userprofile', many=False)
class Meta:
model = User
fields = ('username', 'email', 'first_name', 'last_name', 'profile')
def update(self, instance, validated_data):
userprofile_serializer = self.fields['profile']
userprofile_instance = instance.userprofile
userprofile_data = validated_data.pop('userprofile', {})
userprofile_serializer.update(userprofile_instance, userprofile_data)
instance = super().update(instance, validated_data)
return instance
and my view is:
class RetrieveUpdateView(RetrieveUpdateAPIView):
serializer_class = UserSerializer
queryset = User.objects.all()
def get_object(self):
return self.request.user
when I do a GET I am getting the following response without any problems:
{
"username": "blue",
"email": "bluebear#bluebear.com",
"first_name": "Blue",
"last_name": "Bear",
"profile": {
"location": "London",
"created_time": "2023-02-03T00:39:15.149924Z",
"updated_time": "2023-02-03T00:39:15.149924Z"
}
}
and I do a patch request like this:
{
"profile": {
"location": "Paris"
}
}
The way the code is now I have no issue updating username, email, first_name, and last_name which come from the AbstractUser but I am getting the above error when I try to patch the location which is in the UserProfile model.
I've looked at many similar solutions online, but none that pertain to my particular situation.
The .update() method does not support writable nested fields by default. Write an explicit .update() method for serializeruser_profile.serializers.UserSerializer, or set read_only=True on nested serializer fields.
It already shows in the message, you need to explicitly write the update method for the writable nested serializer which is documented here https://www.django-rest-framework.org/topics/writable-nested-serializers/ or you can use another module that is also referred to in the docs https://github.com/beda-software/drf-writable-nested.
Your approach is correct already but there is some typo and wrong indentation in your code:
class UserSerializer(serializers.ModelSerializer):
profile = UserProfileCrudSerializer(source='userprofile', many=False)
class Meta:
model = User
fields = ('username', 'email', 'first_name', 'last_name', 'profile')
def update(self, instance, validated_data):
# update is a method of serializer not serializer.Meta
userprofile_serializer = self.fields['profile']
userprofile_instance = instance.userprofile
# should be 'profile' here instead of 'userprofile' as you defined in serializer
userprofile_data = validated_data.pop('profile', {})
userprofile_serializer.update(userprofile_instance, userprofile_data)
instance = super().update(instance, validated_data)
return instance
I am trying to create nested objects (documentregulation) when I create a Document object. To achieve this, I have overwritten the create method on the DocumentSerializer, as per Django Docs. However, when I attempt validated_data.pop('documentregulation_set'), it is empty, even when it is populated in the incoming request.data of my view. Is there something causing my incoming data to not be validated? How would I go about debugging this if so?
// serializers.py
class DocumentRegulationSerializer(serializers.ModelSerializer):
class Meta:
model = DocumentRegulation
fields = ('regulation',)
class DocumentSerializer(serializers.ModelSerializer):
documentregulation_set = DocumentRegulationSerializer(many=True, required=False)
class Meta:
model = Document
fields = ('documentregulation_set', 'id', 'name', 'file', 'text', 'uploaded_at')
extra_kwargs = {
'id': {'read_only': True},
'uploaded_at': {'read_only': True},
}
def create(self, validated_data):
documentregulation_set = validated_data.pop('documentregulation_set')
# create document first
document = Document.objects.create(**validated_data)
# serialize associated regulations
for documentregulation in documentregulation_set:
# get ID of newly-created document, use for relation
#documentregulation['regulation'] = documentregulation['id']
DocumentRegulation.objects.create(document=document, **documentregulation)
return document
//views.py
class DocumentView(generics.ListCreateAPIView):
def create(self, request):
#pprint(self.request.FILES['profile_pic'])
request.data['documentregulation_set'] = json.loads(request.data['documentregulation_set'])
request.data['documentdomain_set'] = json.loads(request.data['documentdomain_set'])
pprint(request.data)
document = DocumentSerializer(data=request.data)
if document.is_valid():
document.save()
return Response(document.data, status=status.HTTP_201_CREATED)
else:
return Response(document.errors, status=status.HTTP_400_BAD_REQUEST)
my incoming data (printed in request.data) looks like:
{'documentregulation_set': [{'label': 'Regulation 1',
'regulation': 2,
'value': 2},
{'label': 'Regulation 2',
'regulation': 4,
'value': 4}],
'file': <InMemoryUploadedFile: test.docx >,
'name': 'testing',
'text': 'test'}
but then my validated data prints out to be:
{'documentregulation_set': [],
'file': <InMemoryUploadedFile: test.docx >,
'name': 'testing',
'text': 'test'}
Problem seems to be with the validation of the documentregulation_set field in the DocumentSerializer serializer. But you can escape the validation in the Meta Class as:
class Meta:
model = Document
fields = '__all__'
extra_kwargs = {
'documentregulation_set': {'validators': []} # escape validation
}
If you need to write custom validators have a look at Writing custom validators
So the final serializer looks like:
class DocumentRegulationSerializere(serializers.ModelSerializer):
"""Serializers for DocumentRegulation object"""
class Meta:
model = DocumentRegulation
fields = ('regulation',)
class DocumentSerializer(serializers.ModelSerializer):
"""Serializer for Document objects"""
documentregulation_set = DocumentRegulationSerializere(many=True)
class Meta:
model = Document
fields = ('documentregulation_set', 'id', 'name', 'file', 'text', 'uploaded_at')
extra_kwargs = {
'id': {'read_only': True},
'uploaded_at': {'read_only': True},
'documentregulation_set': {'validators': []} # escape validation
}
def create(self, validated_data):
doc_reg = []
document_regulation_set = validated_data.pop('documentregulation_set')
document = Document.objects.create(**validated_data)
for document_regulation in document_regulation_set:
reg = DocumentRegulation.objects.create(**document_regulation)
reg.save()
doc_reg.append(reg)
document.documentregulation_set.add(reg)
return document
View
class DocumentView(generics.ListCreateAPIView):
"""List or create new Document ojects"""
queryset = Document.objects.all()
serializer_class = DocumentSerializer
I have following serializers:
class UserSerializer(ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'password')
class ProfileSerializer(ModelSerializer):
user = UserSerializer()
class Meta:
model = Profile
fields = ('id', 'user', 'name', 'address')
when I want to create a profile I should send following data:
{
"user":{
"username": "test_username",
"password": "123456789"
},
"name": "David",
"address": "Baker St"
}
my question is, is it possible to just send "user": 5 instead of sending dictionary in case of POST request?
You have two options, either you can use two different serializers for retrieve and create like this
class ProfileCreateSerializer(ModelSerializer):
class Meta:
model = Profile
fields = ('id', 'user', 'name', 'address')
and
class ProfileRetrieveSerializer(ProfileCreateSerializer):
user = UserSerializer()
and decide which serializer to use in view (hint: override get_serializer_class method)
OR
Use one serialzer and decide field type according to action type:
class ProfileCreateSerializer(ModelSerializer):
class Meta:
model = Profile
fields = ('id', 'user', 'name', 'address')
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if self.context['request'].method == 'GET': # or whatever condition you want to use
self.fields['user'] = UserSerializer()
you can do, that you can create your custom serializer fields
class CustomForeignKeyField(serializers.PrimaryKeyRelatedField):
def get_queryset(self):
return self.queryset
def to_representation(self, value):
value = super().to_representation(value)
user = User.objects.get(pk=value)
return UserSerializer(user).data
in serializer you can use this fiedls
class ProfileSerializer(ModelSerializer):
user = CustomForeignKeyField(queryset=User.objects.all())
class Meta:
model = Profile
fields = ('id', 'user', 'name', 'address')
it will accept value as int and return the response in json
I can't figure out how to pass user object to the following serializer:
class ReviewSerializer(serializers.ModelSerializer):
user = UserSerializer(read_only=True)
class Meta:
model = Review
fields = ('pk', 'title', 'user', 'movie', 'timestamp', 'review_text',)
I have this viewset:
class ReviewsViewSet(viewsets.ModelViewSet):
queryset = Review.objects.all()
serializer_class = ReviewSerializer
and this model:
class Review(models.Model):
title = models.CharField(max_length=255)
user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='reviews')
movie = models.ForeignKey(Movie, on_delete=models.CASCADE, related_name='reviews')
review_text = models.TextField()
timestamp = models.DateTimeField(auto_now_add=True)
def __str__(self):
return '{movie} review by {user}'.format(user=self.user, movie=self.movie)
My javascript request looks like this:
return axios({
method: 'post',
url: 'http://localhost:8000/api/reviews/',
data: { // Using data from Vue
title: this.review_title,
movie: this.id,
review_text: this.review_text,
user: JSON.stringify(this.user)
},
headers: {
'Content-Type': 'application/json',
Authorization: `JWT ${token}`
}
})
It gives me this traceback.
How should I pass the user object to the request?
Thanks in advance.
Remove read_only=True from serializer
class ReviewSerializer(serializers.ModelSerializer):
user = UserSerializer()
class Meta:
model = Review
fields = ('pk', 'title', 'user', 'movie', 'timestamp', 'review_text',)
If you set read_only=True, the DRF will not takes the value from input source even if it's there
From the doc,
Read-only fields are included in the API output, but should not be
included in the input during create or update operations. Any
'read_only' fields that are incorrectly included in the serializer
input will be ignored.
Set this to True to ensure that the field is used when serializing a
representation, but is not used when creating or updating an instance
during deserialization.
Defaults to False
UPDATE
You should override the create() method of ReviewSerializer as
class ReviewSerializer(serializers.ModelSerializer):
user = UserSerializer()
def create(self, validated_data):
user_dict = validated_data.pop('user')
user_obj, created = User.objects.get_or_create(**user_dict)
return Review.objects.create(user=user_obj, **validated_data)
class Meta:
model = Review
fields = ('pk', 'title', 'user', 'movie', 'timestamp', 'review_text',)
for debug purpose only
class ReviewsViewSet(viewsets.ModelViewSet):
queryset = Review.objects.all()
serializer_class = ReviewSerializer
def create(self, request, *args, **kwargs):
print(request.data) # print here <<<<
return super(ReviewsViewSet, self).create(request, *args, **kwargs)
I want to use one serializer in order to create comments and get list of them.
Here is my comment serializer:
class CommentSerializer(serializers.ModelSerializer):
creator = UserBaseSerializer(source='author')
replies = ShortCommentSerializer(many=True, read_only=True)
reply_on = serializers.PrimaryKeyRelatedField(
queryset=Comment.objects.all(),
write_only=True,
allow_null=True,
required=False
)
author = serializers.PrimaryKeyRelatedField(
queryset=get_user_model().objects.all(),
write_only=True
)
class Meta:
model = Comment
fields = ('id', 'text', 'object_id', 'creator', 'replies', 'reply_on',
'author')
extra_kwargs = {
'text': {'required': True},
'object_id': {'read_only': True}
}
def create(self, validated_data):
validated_data.update(
{'content_type': self.context['content_type'],
'object_id': self.context['pk']}
)
return Comment.objects.create(**validated_data)
My Comment model has field author which is FK to User model. On GET method I'm returning creator as NestedSerializer with source='author'. Also I got author field for write only purposes. I'm trying to figure out is it possible to use author field both for read and write.
It sounds like you want a Writable Nested Serializer. You're on the right track by having a defined create, but the linked documentation should hopefully give a good idea on how to implement this. You can avoid having to loop over your writable field since it's not a many relation.
you can try override method get_serializer_class like this:
def get_serializer_class(self):
if self.request.method == 'POST':
return CommentCreateSerializer
return CommentSerializer
In CommentCreateSerializer, you can write author field directly. And CommentSerializer with source='author' only for api get.
Hoop this help