Django REST Framework (DRF): Set current user id as field value - django

I have model NewsModel and 2 serializers for him:
models.py
class NewsModel(models.Model):
title = models.CharField('Заголовок', max_length=255, help_text='Максимальная длина - 255 символов')
announce = models.TextField('Анонс', help_text='Краткий анонс новости')
author = models.ForeignKey(settings.AUTH_USER_MODEL, help_text='Автор новости', related_name='news')
full_text = models.TextField('Полный текст новости', help_text='Полный текст новости')
pub_date = models.DateTimeField('Дата публикации', auto_now_add=True, default=timezone.now, help_text='Дата публикации')
def comments_count(self):
return NewsComment.objects.filter(news=self.id).count()
def get_author_full_name(self):
return self.author.get_full_name()
class Meta:
db_table = 'news'
ordering = ('-pub_date',)
serilizers.py:
from rest_framework import serializers
from .models import NewsModel
from extuser.serializers import UserMiniSerializer
class NewsReadSerializer(serializers.ModelSerializer):
author = UserMiniSerializer()
class Meta:
model = NewsModel
fields = ('id', 'title', 'announce', 'comments_count', 'reviews', 'author_name')
def get_author_full_name(self, obj):
return obj.get_author_full_name()
class NewsWriteSerializer(serializers.ModelSerializer):
def validate_author(self, value):
value = self.request.user.id
return value
class Meta:
model = NewsModel
I select serializers in the api.py:
class NewsList(ListCreateAPIView):
queryset = NewsModel.objects.order_by('-pub_date')
def get_serializer_class(self, *args, **kwargs):
if self.request.method == 'GET':
return NewsReadSerializer
return NewsWriteSerializer
class Meta:
model = NewsModel
But when I will create NewsModel item, I see Error 400: Bad request [{'author': 'This field is required'}]
How I can set current user id as NewsItem.author value on creating new item?

I don't think you're using the serializer properly. A better practice to set request related data is to override perform_create in your view:
def perform_create(self, serializer):
serializer.save(author=self.request.user)
def perform_update(self, serializer):
serializer.save(author=self.request.user)
and then set your author serializer to read-only:
author = UserMiniSerializer(read_only=True)
this way you can simply use one single NewsSerializer for both read and write actions.

In new DRF you can write
owner = serializers.HiddenField(
default=serializers.CurrentUserDefault()
)
See http://www.django-rest-framework.org/api-guide/validators/#currentuserdefault

In DRF version prior 3 field must be declader with allow_null=True and default=None. DRF don't run checking fields without this params. Result code:
class NewsReadSerializer(serializers.ModelSerializer):
"""
Serializer only for reading.
author field serialized with other custom serializer
"""
author = UserMiniSerializer()
class Meta:
model = NewsModel
fields = ('id', 'title', 'announce', 'comments_count', 'reviews', 'author', 'pub_date',)
class NewsWriteSerializer(serializers.ModelSerializer):
"""
Serializer for creating and updating records.
author here is the instance of PrimaryKeyRelatedField, linked to all users
"""
author = serializers.PrimaryKeyRelatedField(
queryset=User.objects.all(), # Or User.objects.filter(active=True)
required=False,
allow_null=True,
default=None
)
# Get the current user from request context
def validate_author(self, value):
return self.context['request'].user
class Meta:
model = NewsModel
fields = ('title', 'announce', 'full_text', 'author',)

I would try something like this:
your models.py
class NewsModel(models.Model):
title = models.CharField(
'Заголовок', max_length=255,
help_text='Максимальная длина - 255 символов')
announce = models.TextField('Анонс',
help_text='Краткий анонс новости')
author = models.ForeignKey(
settings.AUTH_USER_MODEL,
help_text='Автор новости', related_name='news')
full_text = models.TextField(
'Полный текст новости',
help_text='Полный текст новости')
pub_date = models.DateTimeField(
'Дата публикации', auto_now_add=True,
default=timezone.now, help_text='Дата публикации')
def comments_count(self):
return NewsComment.objects.filter(news=self.id).count()
def get_author_full_name(self):
return self.author.get_full_name()
class Meta:
db_table = 'news'
ordering = ('-pub_date',)
serializers.py
(ref.: http://www.django-rest-framework.org/api-guide/validators/#currentuserdefault)
from <yourapp>.models import NewsModel
from rest_framework import serializers
class NewsModelSerializer(serializers.ModelSerializer):
author = serializers.HiddenField(default=serializers.CurrentUserDefault())
class Meta:
model = NewsModel
Also you should set settings.py to something like this:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',)
}

Related

django class based CreateApiView author_id is not null?

I have also authenticate it with token but when I create a new post error is alert IntegrityError at /api/create/ NOT NULL constraint failed: core_article.author_id how can I valid data with request user in serializer?
model.py
from django.contrib.auth.models import User
from django.db import models
class Article(models.Model):
title = models.CharField(max_length=255, help_text="Short title")
content = models.TextField(blank=True)
author = models.ForeignKey(User, on_delete=models.CASCADE)
status = models.BooleanField(default=True)
def __str__(self):
return self.title
serializer.py
from rest_framework import serializers
from django.contrib.auth.models import User
from core.models import Article
class NewsSerializer(serializers.ModelSerializer):
author = serializers.SlugRelatedField(
slug_field=User.USERNAME_FIELD, read_only=True, required=False)
class Meta:
model = Article
fields = [
'id',
'author',
'title',
'content',
'status',
]
views.py
class ArticleCreate(CreateAPIView):
queryset = Article.status_objects.all()
serializer_class = NewsSerializer
permission_classes = (permissions.IsAuthenticated, )
I don't know if this is what you're looking for, but you can pass the user as author object to your serializer and in your serializer use that author to create your Article object (Note: I assume that you have used correct authentication_class in your view and have access to user from your request object).
First you need to override the perform create of your view:
class ArticleCreate(CreateAPIView):
queryset = Article.status_objects.all()
serializer_class = NewsSerializer
permission_classes = (permissions.IsAuthenticated, )
def perform_create(self, serializer):
serializer.save(author=self.request.user)
Which will send an user instance to your serializer validated data. Then you should change your serializer to:
class NewsSerializer(serializers.ModelSerializer):
class Meta:
model = Article
fields = [
'id',
'title',
'content',
'status',
]
Note that the line author = serializers.SlugRelatedField(slug_field=User.USERNAME_FIELD, read_only=True, required=False) and author are removed from your serializer. But if you need to serialize the id of that author (read only purpose) you can change your serializer to:
class NewsSerializer(serializers.ModelSerializer):
class Meta:
model = Article
fields = [
'id',
'title',
'author',
'content',
'status',
]
read_only_fields = ('author',)
author = serializers.SlugRelatedField(
slug_field=User.USERNAME_FIELD, read_only=True,required=True)
Please change required=False to required=True . If you set True then don't add Null value. So you avoid this errror.

DJANGO Serializer Validation Never Called

I am trying to run custom validation on a serializer in Django. The serializer is as simple as:
class PostsSerializer(serializers.ModelSerializer):
user = UserSerializer(many=False, required=False, allow_null=True)
def validate(self, data):
print('Validating')
print(data)
return data
class Meta:
model = Post
fields = ["id", "user", "type", "title", "content", "created_ts"]
read_only_fields = ["id", "user", "created_ts"]
And the serializer is called as such:
def create_post(self, request):
serializer = PostsSerializer(data=request.data)
if serializer.is_valid(raise_exception=True):
#echo something
else:
fail
And the model is this:
from django.apps import apps
from django.db import models
from ..enums import PostTypes
class Post(models.Model):
user = models.ForeignKey("auth.User", on_delete=models.DO_NOTHING)
type = models.IntegerField(choices=[(tag.name, tag.value) for tag in PostTypes])
title = models.TextField()
content = models.TextField()
class Meta:
db_table = "post"
ordering = ["-created_ts"]
verbose_name = "Post"
verbose_name_plural = "posts"
Any idea what would be causing the validate function not to execute?

How to rename owner to owner_id in ModelSerializer using PrimaryKeyRelatedField?

I would like to rename my owner field to owner_id since it is not nested and will only contain the owner's id. I've made some attempts, but receive errors such as {"owner":["This field is required."]}.
Here is my serializers.py:
class UserJobApplicantSerializer(serializers.ModelSerializer):
job_id = serializers.PrimaryKeyRelatedField(source='job', queryset=Job.objects.all())
owner_id = serializers.PrimaryKeyRelatedField(
source='owner',
read_only=True,
default=serializers.CurrentUserDefault()
)
class Meta:
model = JobApplicant
fields = [
'id',
'job_id',
'owner_id',
'timestamp',
]
read_only_fields = ['id',]
The view overrides the perform_create and injects the owner_id into the validated_data:
class UserJobApplicantAPIView(generics.ListCreateAPIView):
lookup_field = 'pk'
serializer_class = UserJobApplicantSerializer
permission_classes = (IsAuthenticated,)
def get_queryset(self):
return JobApplicant.objects.filter(owner=self.request.user)
def perform_create(self, serializer):
serializer.validated_data['owner_id'] = self.request.user.id
return super(UserJobApplicantAPIView, self).perform_create(serializer)
Model (Job model holds the ManyToManyField with through='JobApplicant'):
class JobApplicant(models.Model):
owner = models.ForeignKey(settings.AUTH_USER_MODEL,
on_delete=models.CASCADE)
job = models.ForeignKey(Job, on_delete=models.CASCADE)
timestamp = models.DateTimeField(auto_now_add=True)
class Meta:
unique_together = ('owner', 'job')
def __str__(self):
return "{}: {}".format(self.job.display_name, self.owner.email)
What is the correct approach to doing this? Is it possible using PrimaryKeyRelatedField, or would I need to use another type of field (or custom)? I have it working for job_id but job_id is different since it's provided by the user.
I'm using DRF 3.8.2 with Django 1.11.15.
Removing the read_only=True, argument from PrimaryKeyRelatedField solve the main problem :)
It should be,
from django.contrib.auth.models import User # use the AUTH_USER_MODEL here
owner_id = serializers.PrimaryKeyRelatedField(source='owner', queryset=User.objects.all(), default=serializers.CurrentUserDefault())
NOTE : You don't want to override the perform_create() method to pass the user instance to serializer. The CurrentUserDefault() class will manage those things if you are properly logged-in

django rest framework : nested model get not working. 'str' object has no attribute 'values'

I have a customer model in Bcustomer app that extends the django User model, So I will save the basic details such as name in User table and the remaining data (city, etc) in customer table.
Saving is working perfectly. But now it is showing the following error when I call the GET method.
AttributeError at /api/v1/customer 'str' object has no attribute 'values'
Request Method: GET
bcustomer/models.py
class BCustomer(models.Model):
customer = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, primary_key=True, blank=True )
address = models.CharField(max_length=50)
city = models.CharField(max_length=256)
state = models.CharField(max_length=50)
user = models.ForeignKey(settings.AUTH_USER_MODEL, db_index=True, on_delete=models.CASCADE, related_name='customer_creator')
# more fields to go
def __str__(self):
# return str(self.name) (This should print first and last name in User model)
class Meta:
app_label = 'bcustomer'
bcusomer/serializers.py
class CustomerDetailsSerializer(serializers.ModelSerializer):
class Meta:
model = BCustomer
fields = ('city', 'phone')
class CustomerSerializer(serializers.ModelSerializer):
customer_details = CustomerDetailsSerializer()
class Meta:
model = get_user_model()
fields = ('id','first_name', 'email', 'customer_details')
def create(self, validated_data):
request = self.context.get('request')
customer_details_data = validated_data.pop('customer_details')
customer_user = get_user_model().objects.create(**validated_data)
BCustomer.objects.create(customer=customer_user, user=request.user, **customer_details_data)
customer_user.customer_details = customer_details_data
return customer_user
class CustomerListSerializer(serializers.ModelSerializer):
model = get_user_model()
fields = '__all__'
class Meta:
model = get_user_model()
fields = '__all__'
bcustomer/views.py
class CustomerViewSet(viewsets.ModelViewSet):
customer_photo_thumb = BCustomer.get_thumbnail_url
permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
queryset = BCustomer.objects.all()
serializer_class = CustomerSerializer
def get_queryset(self):
queryset = BCustomer.objects.all()
return queryset
def get_serializer_class(self):
if self.action == 'list' or self.action == 'retrieve':
return CustomerListSerializer
return CustomerSerializer
bcustomer/urls.py
router.register(r'customer', views.CustomerViewSet, 'customers')
Data post parameter format
{
"first_name":"Myname",
"email":"testemail#gmail.com",
"customer_details": {
"city":"citys",
"phone":"04722874567",
}
}
You should remove model and fields from CustomListSerializer
class CustomerListSerializer(serializers.ModelSerializer):
class Meta:
model = get_user_model()
fields = '__all__'
customer_details = CustomerDetailsSerializer()
You need to set the source argument to point to the user model's customer. Most probably:
customer_details = CustomerDetailsSerializer(source='customer')
(or maybe source='bcustomer', not sure if it reversed the field name or class name).
On a side not, you should not need the ListSerializer at all. The list method will call the serializer with the many=True argument on CustomerSerializer which will create the ListSerializer appropriately.

Limit choices to foreignkey in django rest framework

How to limit images of request.user to be linked with node. I wish I could do something like:
photo = models.ForeignKey(
Image,
limit_choices_to={'owner': username},
)
but request.user rather than username and I don't want to use local threads.
models.py
class Node(models.Model):
owner = models.ForeignKey(User)
content = models.TextField()
photo = models.ForeignKey(Image)
class Image(models.Model):
owner = models.ForeignKey(User)
file = models.ImageField(upload_to=get_upload_file_name)
serializers.py
class ImageSerializer(serializers.ModelSerializer):
owner = serializers.Field('owner.username')
class Meta:
model = Image
fields = ('file', 'owner')
class NodeSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Node
fields = ('content', 'photo', 'owner')
I would deal with this by overriding get_serializer_class to dynamically return a serializer class at runtime, setting the choices option on the field there:
def get_serializer_class(self, ...):
user = self.request.user
owner_choices = ... # However you want to restrict the choices
class ImageSerializer(serializers.ModelSerializer):
owner = serializers.Field('owner.username', choices=owner_choices)
class Meta:
model = Image
fields = ('file', 'owner')
return ImageSerializer
You can create a custom foreign key field and define get_queryset() method there to filter related objects to only those of your user. The current user can be retrieved from the request in the context:
class UserPhotoForeignKey(serializers.PrimaryKeyRelatedField):
def get_queryset(self):
return Image.objects.filter(owner=self.context['request'].user)
class NodeSerializer(serializers.HyperlinkedModelSerializer):
photo = UserPhotoForeignKey()
class Meta:
model = Node
fields = ('content', 'photo', 'owner')
This example is using Django REST Framework version 3.
class CustomForeignKey(serializers.PrimaryKeyRelatedField):
def get_queryset(self):
return Table.objects.filter(is_active=True)
class Serializer(serializers.ModelSerializer):
(...)
table= CustomForeignKey()
class Meta:
(...)
even more easy is :
class Serializer(serializers.ModelSerializer):
(...)
table = serializers.PrimaryKeyRelatedField(queryset=Table.objects.filter(is_active=True))
class Meta:
(...)
Because I am sure this logic will be used across an entire Django application why not make it more generic?
class YourPrimaryKeyRelatedField(serializers.PrimaryKeyRelatedField):
def __init__(self, **kwargs):
self.model = kwargs.pop('model')
assert hasattr(self.model, 'owner')
super().__init__(**kwargs)
def get_queryset(self):
return self.model.objects.filter(owner=self.context['request'].user)
serializers.py
class SomeModelSerializersWithABunchOfOwners(serializers.ModelSerializer):
photo = YourPrimaryKeyRelatedField(model=Photo)
categories = YourPrimaryKeyRelatedField(model=Category,
many=True)
# ...
from rest_framework import serializers
class CustomForeignKey(serializers.PrimaryKeyRelatedField):
def get_queryset(self):
return Table.objects.filter(user=self.context['request'].user)
# or: ...objects.filter(user=serializers.CurrentUserDefault()(self))
class Serializer(serializers.ModelSerializer):
table = CustomForeignKey()