[英]Django rest framework best way to validate POST request parameters
當我收到有關Django rest框架APIView類的POST請求時,我想過濾/驗證傳遞的參數以防止被修改。 例如,對於此Serilizer:
class MediaSerializer(serializers.ModelSerializer):
class Meta:
model = Media
fields = ('id', 'title', 'content', 'url', 'createdByUser', 'karma', 'type', 'issue', 'creationDate', 'updatedDate')
不應修改id , creationDate或createdByUser等某些參數。 因此,對於我的課程class MediaDetail(APIView)我有:
def validateRequest(self):
user = self.request.data.get('createdByUser', None)
karma = self.request.data.get('karma', None)
creationDate = self.request.data.get('creationDate', None)
if user is not None or karma is not None or creationDate is not None:
return Response(status=status.HTTP_400_BAD_REQUEST)
@method_decorator(login_required)
def post(self, request, pk, format=None):
self.validateRequest()
media = self.get_object(pk)
self._throwIfNotMediaAuthor(media, request.user)
serializer = MediaSerializer(media, data=request.data)
if serializer.is_valid():
# serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
有沒有更好的方法進行此驗證? 也許在序列化器上? 我找不到足夠的文檔
是的,您可以在序列化程序的Meta上使用read_only_fields參數。
有關如何在當前視圖內使用的示例(假設您要根據REST的指南在POST時創建一個對象,請對其進行一些修改):
class MediaSerializer(serializers.ModelSerializer):
class Meta:
model = Media
read_only_fields = ('id', 'karma', 'createdByUser', 'creationDate')
...
@method_decorator(login_required)
def post(self, request, pk, format=None):
serializer = MediaSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save(createdByUser=request.user, creationDate=timezone.now().date(), karma=initial_value)
return Response(serializer.data, status=status.HTTP_201_CREATED)
將 GET 參數轉換為 Django REST Framework 中請求對象上的 POST 數據
[英]Convert GET parameters to POST data on a Request object in Django REST Framework
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.