stackoom
  简体   繁体   中英

Django rest framework best way to validate POST request parameters

 原文  2019-02-25 13:18:03       python/ django/ django-rest-framework/ django-views

Question

When I receive a POST request on a Django rest framework APIView class, I would like to filter/validate the parameters that are passed to prevent to be modified. For example, for this serilizer: 

class MediaSerializer(serializers.ModelSerializer):
    class Meta:
        model = Media
        fields = ('id', 'title', 'content', 'url', 'createdByUser', 'karma', 'type', 'issue', 'creationDate', 'updatedDate')

Some parameters such the id , creationDate or createdByUser shouldn't be modified. So for my class class MediaDetail(APIView) I have: 


def validateRequest(self):
        user = self.request.data.get('createdByUser', None)
        karma = self.request.data.get('karma', None)
        creationDate = self.request.data.get('creationDate', None)

        if user is not None or karma is not None or creationDate is not None:
            return Response(status=status.HTTP_400_BAD_REQUEST)
@method_decorator(login_required)
def post(self, request, pk, format=None):
        self.validateRequest()
        media = self.get_object(pk)
        self._throwIfNotMediaAuthor(media, request.user)

        serializer = MediaSerializer(media, data=request.data)

        if serializer.is_valid():
            # serializer.save()
            return Response(serializer.data)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

Is there a better way to make this validation? Maybe on the serializer? I didn't found enough documentation

1 answers

solution1
 0 ACCPTED  2019-02-25 13:23:30

Yes, you can use the read_only_fields parameter on your serializer's Meta .

Example on how to use inside your current view (modified it a little assuming you want to create an object when POST ing as per REST's guidelines ): 

class MediaSerializer(serializers.ModelSerializer):
    class Meta:
        model = Media
        read_only_fields = ('id', 'karma', 'createdByUser', 'creationDate')
        ...

@method_decorator(login_required)
def post(self, request, pk, format=None):
        serializer = MediaSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save(createdByUser=request.user, creationDate=timezone.now().date(), karma=initial_value)
        return Response(serializer.data, status=status.HTTP_201_CREATED)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Convert GET parameters to POST data on a Request object in Django REST Framework Post Request Django REST Framework Django rest framework Post request Validate user on update request in Django REST framework get parameters in a get request in django rest framework? Cross site post request with django rest framework Handling JSON Post request in Django rest framework Django rest framework custom filter for POST request Perform post request using Django rest framework Django rest framework post request not retrieving anything
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM