Django Rest Framework:在创建对象后禁用字段更新 [英] Django Rest Framework: Disable field update after object is created

查看:24
本文介绍了Django Rest Framework:在创建对象后禁用字段更新的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试通过 Django Rest Framework API 调用使我的用户模型成为 RESTful,以便我可以创建用户并更新他们的个人资料.

I'm trying to make my User model RESTful via Django Rest Framework API calls, so that I can create users as well as update their profiles.

但是,当我对我的用户进行特定的验证过程时,我不希望用户能够在他们的帐户创建后更新用户名.我尝试使用 read_only_fields,但这似乎在 POST 操作中禁用了该字段,因此我无法在创建用户对象时指定用户名.

However, as I go through a particular verification process with my users, I do not want the users to have the ability to update the username after their account is created. I attempted to use read_only_fields, but that seemed to disable that field in POST operations, so I was unable to specify a username when creating the user object.

我该如何实施?现在存在的 API 的相关代码如下.

How can I go about implementing this? Relevant code for the API as it exists now is below.

class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('url', 'username', 'password', 'email')
        write_only_fields = ('password',)

    def restore_object(self, attrs, instance=None):
        user = super(UserSerializer, self).restore_object(attrs, instance)
        user.set_password(attrs['password'])
        return user


class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    serializer_class = UserSerializer
    model = User

    def get_permissions(self):
        if self.request.method == 'DELETE':
            return [IsAdminUser()]
        elif self.request.method == 'POST':
            return [AllowAny()]
        else:
            return [IsStaffOrTargetUser()]

谢谢!

推荐答案

看来 POST 和 PUT 方法需要不同的序列化程序.在 PUT 方法的序列化程序中,您可以只保留用户名字段(或将用户名字段设置为只读).

It seems that you need different serializers for POST and PUT methods. In the serializer for PUT method you are able to just except the username field (or set the username field as read only).

class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    serializer_class = UserSerializer
    model = User

    def get_serializer_class(self):
        serializer_class = self.serializer_class

        if self.request.method == 'PUT':
            serializer_class = SerializerWithoutUsernameField

        return serializer_class

    def get_permissions(self):
        if self.request.method == 'DELETE':
            return [IsAdminUser()]
        elif self.request.method == 'POST':
            return [AllowAny()]
        else:
            return [IsStaffOrTargetUser()]

检查这个问题 django-rest-framework:在同一 URL 中独立的 GET 和 PUT 但不同的泛型视图

这篇关于Django Rest Framework:在创建对象后禁用字段更新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆