Django Rest框架:创建对象后禁用字段更新 [英] Django Rest Framework: Disable field update after object is created
问题描述
我正在尝试通过Django Rest Framework API调用我的用户模型RESTful,以便我可以创建用户以及更新他们的个人资料。
I'm trying to make my User model RESTful via Django Rest Framework API calls, so that I can create users as well as update their profiles.
但是,当我与用户进行特定的验证过程时,我不希望用户在创建帐户后能够更新用户名。我尝试使用read_only_fields,但是似乎在POST操作中禁用该字段,因此在创建用户对象时无法指定用户名。
However, as I go through a particular verification process with my users, I do not want the users to have the ability to update the username after their account is created. I attempted to use read_only_fields, but that seemed to disable that field in POST operations, so I was unable to specify a username when creating the user object.
我如何去关于实现这个?现在存在的API的相关代码如下所示。
How can I go about implementing this? Relevant code for the API as it exists now is below.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'password', 'email')
write_only_fields = ('password',)
def restore_object(self, attrs, instance=None):
user = super(UserSerializer, self).restore_object(attrs, instance)
user.set_password(attrs['password'])
return user
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
谢谢!
推荐答案
看来,您需要POST和PUT方法的不同序列化程序。在PUT方法的序列化器中,您可以只使用用户名字段(或将用户名字段设置为只读)。
It seems that you need different serializers for POST and PUT methods. In the serializer for PUT method you are able to just except the username field (or set the username field as read only).
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint that allows users to be viewed or edited.
"""
serializer_class = UserSerializer
model = User
def get_serializer_class(self):
serializer_class = self.serializer_class
if self.request.method == 'PUT':
serializer_class = SerializerWithoutUsernameField
return serializer_class
def get_permissions(self):
if self.request.method == 'DELETE':
return [IsAdminUser()]
elif self.request.method == 'POST':
return [AllowAny()]
else:
return [IsStaffOrTargetUser()]
检查这个问题 django-rest-framework:相同URL中的独立GET和PUT但不同泛型视图
这篇关于Django Rest框架:创建对象后禁用字段更新的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!