When I receive a POST request on a Django REST framework APIView class, I would like to filter/validate the parameters that are passed to prevent them from being modified. For example, for this serializer:

    class MediaSerializer(serializers.ModelSerializer):
        class Meta:
            model = Media
            fields = ('id', 'title', 'content', 'url', 'createdByUser', 'karma', 'type', 'issue', 'creationDate', 'updatedDate')

Some parameters such as the id, creationDate or createdByUser shouldn't be modified. So for my class MediaDetail(APIView) I have:

    def validateRequest(self):
        # Return a 400 response if the client sent a field it must not set.
        user = self.request.data.get('createdByUser', None)
        karma = self.request.data.get('karma', None)
        creationDate = self.request.data.get('creationDate', None)
        if user is not None or karma is not None or creationDate is not None:
            return Response(status=status.HTTP_400_BAD_REQUEST)
        return None

    @method_decorator(login_required)
    def post(self, request, pk, format=None):
        # The 400 response only takes effect if the view returns it.
        error = self.validateRequest()
        if error is not None:
            return error
        media = self.get_object(pk)
        self._throwIfNotMediaAuthor(media, request.user)
        serializer = MediaSerializer(media, data=request.data)
        if serializer.is_valid():
            # serializer.save()
            return Response(serializer.data)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Is there a better way to make this validation? Maybe on the serializer? I didn't find enough documentation.

Yes, you can use the read_only_fields parameter on your serializer's Meta.

Example on how to use it inside your current view (modified it a little, assuming you want to create an object when POSTing as per REST's guidelines):

    from django.utils import timezone

    class MediaSerializer(serializers.ModelSerializer):
        class Meta:
            model = Media
            # Values the client sends for these fields are ignored on input.
            read_only_fields = ('id', 'karma', 'createdByUser', 'creationDate')
            ...

    # In the view class:
    @method_decorator(login_required)
    def post(self, request, pk, format=None):
        serializer = MediaSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        # Server-controlled values go through save(); initial_value is a
        # placeholder for the starting karma.
        serializer.save(createdByUser=request.user, creationDate=timezone.now().date(), karma=initial_value)
        return Response(serializer.data, status=status.HTTP_201_CREATED)