Django Rest Framework: Disable field update after object is created

It seems that you need different serializers for POST and PUT methods. In the serializer for PUT method you are able to just except the username field (or set the username field as read only).

    class UserViewSet(viewsets.ModelViewSet):
        """
        API endpoint that allows users to be viewed or edited.
        """
        serializer_class = UserSerializer
        model = User

…

Pass request context to serializer from Viewset in Django Rest Framework

GenericViewSet has the get_serializer_context method which will let you update context:

    class MyModelViewSet(ModelViewSet):
        queryset = MyModel.objects.all()
        permission_classes = [DjangoModelPermissions]
        serializer_class = MyModelSerializer

        def get_serializer_context(self):
            context = super().get_serializer_context()
            context.update({"request": self.request})
            return context

For Python 2.7, use context = super(MyModelViewSet, self).get_serializer_context()

What’s the appropriate HTTP status code to return if a user tries logging in with an incorrect username / password, but correct format?

If you are strictly using the HTTP authentication framework provided by RFC 7235 for your REST API, the correct HTTP code would actually be 401. From the RFC: The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a …

How do you filter a nested serializer in Django Rest Framework?

You can subclass the ListSerializer and overwrite the to_representation method. By default the to_representation method calls data.all() on the nested queryset. So you effectively need to make data = data.filter(**your_filters) before the method is called. Then you need to add your subclassed ListSerializer as the list_serializer_class on the meta of the nested serializer. subclass ListSerializer, …

Order of Serializer Validation in Django REST Framework

Since most likely your username field has unique=True set, Django REST Framework automatically adds a validator that checks to make sure the new username is unique. You can actually confirm this by doing repr(serializer()), which will show you all of the automatically generated fields, which includes the validators. Validation is run in a specific, undocumented …

AngularJS + Django Rest Framework + CORS ( CSRF Cookie not showing up in client )

AngularJS Single Page Web Application on Sub-domain A, talking to a Django JSON (REST) API on Sub-domain B using CORS and CSRF protection

Since I’m currently working on a similar setup and was battling to get CORS to work properly in combination with CSRF protection, I wanted to share my own learnings here. Setup – …