python - 当请求中的用户 id 与当前登录用户的 id 不同时,如何禁止该用户创建 SavedClass 对象
问题描述
我的 models.py
from django.db import models
from django.contrib.auth.models import User
import datetime
from django.utils import timezone
# Create your models here.
class LiveClass(models.Model):
    """One row per ``standard`` value, with a counter of registered students."""

    standard = models.IntegerField()
    no_of_students_registered = models.IntegerField(default=0)

    class Meta:
        verbose_name_plural = 'Class'

    def __str__(self):
        # Rendered as "<standard> class".
        return f'{self.standard} class'
class User_details(models.Model):
    """Profile record attached one-to-one to a Django auth ``User``."""

    # Despite its name, this field is the link to the auth User row, not a text name.
    name = models.OneToOneField(User, on_delete=models.CASCADE, max_length=30)
    standard = models.IntegerField(default=0)
    # Contact data: treat both fields as personal information wherever this
    # model is serialized or listed.
    email = models.EmailField()
    mobile_number = models.IntegerField()

    class Meta:
        verbose_name_plural = 'User_details'

    def __str__(self):
        # Delegates to the string form of the linked User.
        return f'{self.name}'
class Mentor(models.Model):
    """A mentor with a free-text description and a rating (default 2.5)."""

    name = models.CharField(max_length=30)
    details = models.TextField()
    ratings = models.FloatField(default=2.5)

    class Meta:
        verbose_name_plural = 'Mentors'

    def __str__(self):
        mentor_label = self.name
        return mentor_label
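class LiveClass_details(models.Model):
    """A scheduled live class: chapter, mentor, time window and doubt-class flags."""

    standard = models.ForeignKey(LiveClass, on_delete=models.CASCADE)
    chapter_name = models.CharField(max_length=30)
    chapter_details = models.TextField()
    # NOTE(review): max_length looks unnecessary on a ForeignKey; confirm before removing.
    mentor_name = models.ForeignKey(Mentor, max_length=30, on_delete=models.CASCADE)
    class_time = models.DateTimeField()
    # Pass the callable, not its result: ``timezone.now()`` is evaluated once when
    # the module is imported, so every new row would share that stale timestamp.
    # With the callable the default is computed each time a row is created.
    end_time = models.DateTimeField(default=timezone.now)
    isDoubtClass = models.BooleanField(default=False)
    doubtsAddressed = models.IntegerField(default=0)

    class Meta:
        verbose_name_plural = 'LiveClass_details'

    def __str__(self):
        return self.chapter_name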
class SavedClass(models.Model):
    """Links one user to one live class, with registration and attendance flags."""

    class_details = models.ForeignKey(LiveClass_details, on_delete=models.CASCADE)
    # Owner of the saved entry; views should take this from the authenticated
    # request rather than from client-supplied data.
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    # Both flags default to False when a row is created.
    is_registered = models.BooleanField(default=False)
    is_attended = models.BooleanField(default=False)

    class Meta:
        verbose_name_plural = 'SavedClasses'

    def __str__(self):
        return f'SavedClass : {self.class_details}'
我的 views.py
from django.shortcuts import render
from rest_framework import mixins
from rest_framework import generics
from django.contrib.auth.mixins import LoginRequiredMixin
from rest_framework import status
from django.contrib.auth.models import User
from rest_framework.response import Response
from django.contrib.auth import authenticate
from . import serializers
from . import models
# Create your views here.
class ListLiveClass(mixins.ListModelMixin, LoginRequiredMixin, generics.GenericAPIView):
    """Read-only list endpoint over every ``LiveClass_details`` row."""

    serializer_class = serializers.LiveClass_details_serializer
    queryset = models.LiveClass_details.objects.all()

    def get(self, request, *args, **kwargs):
        # Delegate to ListModelMixin, which serializes the queryset.
        listing = self.list(request, *args, **kwargs)
        return listing
class LiveClassView(
    mixins.ListModelMixin,
    mixins.CreateModelMixin,
    LoginRequiredMixin,
    generics.GenericAPIView,
):
    """List live classes for any logged-in user; creation is superuser-only."""

    # NOTE(review): LoginRequiredMixin is Django's session-login gate and appears
    # to run ahead of DRF's own authentication/permission classes; confirm that
    # this is the intended access control for an API view.
    serializer_class = serializers.LiveClass_details_serializer
    queryset = models.LiveClass_details.objects.all()

    def get(self, request, *args, **kwargs):
        return self.list(request, *args, **kwargs)

    def post(self, request, *args, **kwargs):
        # Guard clause: anyone who is not a superuser is refused with 403.
        if not request.user.is_superuser:
            return Response(status=status.HTTP_403_FORBIDDEN)
        return self.create(request, *args, **kwargs)
class LiveClassViewId(
    mixins.RetrieveModelMixin,
    mixins.UpdateModelMixin,
    mixins.DestroyModelMixin,
    LoginRequiredMixin,
    generics.GenericAPIView,
):
    """Retrieve, update or delete one ``LiveClass_details`` row looked up by ``id``.

    Reads are open to any logged-in user; writes (PUT, DELETE) answer 403 unless
    the caller is a superuser.
    """

    lookup_field = 'id'
    serializer_class = serializers.LiveClass_details_serializer
    queryset = models.LiveClass_details.objects.all()

    def get(self, request, id=None, format=None):
        # A missing or falsy id cannot identify a row, so answer 400.
        if not id:
            return Response(status=status.HTTP_400_BAD_REQUEST)
        return self.retrieve(request)

    def put(self, request, id, format=None):
        if not request.user.is_superuser:
            return Response(status=status.HTTP_403_FORBIDDEN)
        return self.update(request, id)

    def delete(self, request, id, format=None):
        if not request.user.is_superuser:
            return Response(status=status.HTTP_403_FORBIDDEN)
        return self.destroy(request, id)
class ListMentors(mixins.ListModelMixin, LoginRequiredMixin, generics.GenericAPIView):
    """Read-only list endpoint over every ``Mentor`` row."""

    serializer_class = serializers.Mentor_serializer
    queryset = models.Mentor.objects.all()

    def get(self, request, *args, **kwargs):
        # Delegate to ListModelMixin, which serializes the queryset.
        mentor_listing = self.list(request, *args, **kwargs)
        return mentor_listing
class ListUserDetails(mixins.ListModelMixin, LoginRequiredMixin, generics.GenericAPIView):
    """List endpoint over every ``User_details`` row."""

    # NOTE(review): the queryset is not scoped to the caller, so any logged-in
    # user receives every user's email and mobile number; confirm whether this
    # should be limited to the caller's own row or to superusers.
    serializer_class = serializers.User_details_serializer
    queryset = models.User_details.objects.all()

    def get(self, request, *args, **kwargs):
        details_listing = self.list(request, *args, **kwargs)
        return details_listing
#api endpoints to save and register live classes
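class SavedClassView(LoginRequiredMixin, mixins.ListModelMixin, mixins.CreateModelMixin, mixins.DestroyModelMixin, generics.GenericAPIView):
    """List and create the caller's own ``SavedClass`` rows.

    GET returns only rows whose ``user`` is the authenticated caller.
    POST creates a row for the caller and answers 403 when the body names a
    different user. The owner is always taken from ``request.user`` on the
    server side, so a client-supplied id can never assign a row to someone else.

    NOTE(review): LoginRequiredMixin is Django's session-login gate and appears
    to run ahead of DRF's own authentication/permission classes; confirm that
    this is the intended access control for an API view.
    """

    serializer_class = serializers.SavedClass_serializer

    def get_queryset(self):
        # Scope every lookup to the caller so other users' rows are never returned.
        return models.SavedClass.objects.filter(user=self.request.user.id)

    def get(self, request):
        return self.list(request)

    def post(self, request):
        # request.data is a mapping; the id arrives as text in form-encoded
        # bodies and as an int in JSON, so both sides are compared as strings.
        submitted_user = request.data.get('user')
        if submitted_user is not None and str(submitted_user) != str(request.user.id):
            return Response(status=status.HTTP_403_FORBIDDEN)
        return self.create(request)

    def perform_create(self, serializer):
        # Pin the owner to the authenticated user regardless of the request body.
        overrides = {'user': self.request.user}
        # Registration is decided by administrators only: a regular user's row
        # always starts unregistered, whatever the body asked for. Superusers
        # keep whatever the serializer validated.
        if not self.request.user.is_superuser:
            overrides['is_registered'] = False
        serializer.save(**overrides)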
我的 serializers.py
from rest_framework import serializers
from . import models
class LiveClass_serializer(serializers.ModelSerializer):
    """Model serializer exposing every field of ``LiveClass``."""

    class Meta:
        fields = '__all__'
        model = models.LiveClass
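class SavedClass_serializer(serializers.ModelSerializer):
    """Model serializer for ``SavedClass``.

    Every field is returned in responses, but ``is_registered`` is read-only:
    with a plain ``fields = '__all__'`` any client could set it in a POST body,
    while registration is meant to be decided by an administrator.
    """

    class Meta:
        model = models.SavedClass
        fields = '__all__'
        # Ignored on input, still present in output.
        read_only_fields = ('is_registered',)
        # ``user`` remains writable here, so the view must check it against
        # request.user (or overwrite it) before saving.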
class User_details_serializer(serializers.ModelSerializer):
    """Model serializer for ``User_details`` with a nested ``saved_class`` field."""

    # NOTE(review): the User_details model shown on this page declares no
    # ``saved_class`` attribute; verify what this nested field resolves to.
    saved_class = SavedClass_serializer()

    class Meta:
        # '__all__' includes email and mobile_number in every response.
        fields = '__all__'
        model = models.User_details
class LiveClass_details_serializer(serializers.ModelSerializer):
    """Model serializer exposing every field of ``LiveClass_details``."""

    class Meta:
        fields = '__all__'
        model = models.LiveClass_details
class Mentor_serializer(serializers.ModelSerializer):
    """Model serializer exposing every field of ``Mentor``."""

    class Meta:
        fields = '__all__'
        model = models.Mentor
在 SavedClass 视图的 GET 请求中,我会返回模型中 user 字段与当前用户匹配的所有 SavedClass 记录。现在在 POST 请求中,我只想为当前用户创建 SavedClass 行,并禁止用户以其他用户的身份创建记录。
我的 SavedClass 模型也需要帮助:用户是否已注册(is_registered)只能由管理员决定。
我尝试了不同的可能的事情,但无法做到,我是 Django 新手,所以需要帮助
解决方案
您可以通过 request.user 获取当前登录的用户。
下面这样应该可以工作:
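def post(self, request):
    """Create a SavedClass row only when the submitted ``user`` is the caller.

    Answers 403 when the body names another user or no user at all.
    """
    # request.data is a mapping, so the id is read with .get(); attribute
    # access (request.data.user) raises AttributeError.
    submitted_user = request.data.get('user')
    # The id arrives as text in form-encoded bodies and as an int in JSON,
    # so both sides are compared as strings.
    if submitted_user is not None and str(submitted_user) == str(request.user.id):
        return self.create(request)
    return Response(status=status.HTTP_403_FORBIDDEN)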
这里假设只有已登录的用户才能调用这个 API。更稳妥的做法是在服务器端用 request.user 设置 user 字段,而不是信任请求体中提交的用户 id。