Django Rest Framework:在创建对象后禁用字段更新 [英] Django Rest Framework: Disable field update after object is created
问题描述
我正在尝试通过 Django Rest Framework API 调用使我的用户模型成为 RESTful,以便我可以创建用户并更新他们的个人资料.
I'm trying to make my User model RESTful via Django Rest Framework API calls, so that I can create users as well as update their profiles.
但是,当我对我的用户进行特定的验证过程时,我不希望用户能够在他们的帐户创建后更新用户名.我尝试使用 read_only_fields,但这似乎在 POST 操作中禁用了该字段,因此我无法在创建用户对象时指定用户名.
However, as I go through a particular verification process with my users, I do not want the users to have the ability to update the username after their account is created. I attempted to use read_only_fields, but that seemed to disable that field in POST operations, so I was unable to specify a username when creating the user object.
我该如何实施?现在存在的 API 的相关代码如下.
How can I go about implementing this? Relevant code for the API as it exists now is below.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'password', 'email')
write_only_fields = ('password',)
def restore_object(self, attrs, instance=None):
user = super(UserSerializer, self).restore_object(attrs, instance)
user.set_password(attrs['password'])
return user
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
谢谢!
推荐答案
看来 POST 和 PUT 方法需要不同的序列化程序.在 PUT 方法的序列化程序中,您可以只保留用户名字段(或将用户名字段设置为只读).
It seems that you need different serializers for POST and PUT methods. In the serializer for PUT method you are able to just except the username field (or set the username field as read only).
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_serializer_class(self):
serializer_class = self.serializer_class
if self.request.method == 'PUT':
serializer_class = SerializerWithoutUsernameField
return serializer_class
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
检查这个问题 django-rest-framework:在同一 URL 中独立的 GET 和 PUT 但不同的泛型视图
这篇关于Django Rest Framework:在创建对象后禁用字段更新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!