如何使用用户标识用tastypie过滤对象？ [英] How to filter objects by user id with tastypie?

问题描述

我有以下用户资源：

  class UserResource（ModelResource）：
 class Meta：
 queryset = User.objects.all（）
 resource_name ='user'
 fields = ['username'，'first_name'，'last_name'] 
 allowed_methods = ['get'] 
 filters = {
'username'：ALL，
'id'：ALL，
} 
  

和以下模型资源：

 类GoalResource（ModelResource）：
 user = fields.ForeignKey（UserResource，'user'）
 
 class Meta：
 #authentication = BasicAuthentication（）
 #authorization = ReadOnlyAuthorization（）
 queryset =目标.objects.all（）
 resource_name ='goal'
 filters = {
'user'：ALL_WITH_RELATIONS，
} 
  pre> 
 
 
我想通过用户ID而不是用户名过滤目标。
 
 
 
我可以得到列表o通过对此执行GET请求，从某些用户名的目标：
  http：// localhost：8000 / api / v1 / goal /？user__username = test 
  
但是我想要按用户ID排序：
  http：// localhost：8000 / api / v1 / goal /？user__id = 1 
  
如何让第二部分工作？
 
 
 
另外，一般程序是什么通过Javascript访问当前登录的用户ID？我正在使用骨干，我想为所有登录用户的目标做一个帖子。我想到在用户的id的页面上放置一个隐藏的字段。然后从DOM中提取隐藏字段的值，但我认为使用chrome的开发人员工具可以随时更改ID。当然，我会使用身份验证来检查登录用户的id是否与隐藏字段中提取的id匹配。但是接受的方式是什么？
解决方案
我不知道我在这里提出的建议是否可以在您的授权中工作。它适用于我使用ApiKeyAuthorization和Authorization。 
 
 
 
我从以下网址阅读了这个想法：
  http://django-tastypie.readthedocs.org/en/latest/cookbook.html  [部分：创建每用户资源] 
 
 
 
我的建议是：
 
 
 
如何取消注释认证和授权，并覆盖obj_create和apply_authorization。我在我的项目中使用它，它的工作原理。在方法apply_authorization的代码中，我刚刚添加了对超级用户的if条件检查，只需返回object_list +过滤器，而不检查（我做的，如果不是超级用户，则返回与用户组相关的数据）。 
 类GoalResource（ModelResource）：
 user = fields.ForeignKey（UserResource，'user'）
 
 class Meta：
 authentication = BasicAuthentication（）
 authorization = ReadOnlyAuthorization（）
 queryset = Goal.objects.all（）
 resource_name ='goal'
 filtering = {
'user'：ALL_WITH_RELATIONS，
} 
 
 def obj_create（self，bundle，request = None，** kwargs）：
 return super环境资源，自身）.obj_create（bundle，request，user = request.user）
 
 
 def apply_authorization_limits（self，request，object_list）：
如果request.user.is_superuser： 
 return object_list.filter（user__id = request.GET.get（'user__id'，''））
  
 
 $ b $希望是你所要求的，它有帮助。 
最好的！ 
 
I have the following user resource:
class UserResource(ModelResource):
  class Meta:
    queryset = User.objects.all()
    resource_name = 'user'
    fields = ['username', 'first_name', 'last_name']
    allowed_methods = ['get']
    filtering = {
      'username': ALL,
      'id': ALL,
    }
and the following model resource:
class GoalResource(ModelResource):
  user = fields.ForeignKey(UserResource, 'user')

  class Meta:
    #authentication = BasicAuthentication()
    #authorization = ReadOnlyAuthorization()
    queryset = Goal.objects.all()
    resource_name = 'goal'
    filtering = {
      'user': ALL_WITH_RELATIONS,
    }
I want to be able to filter the goal by user id rather than username.

I can get a list of goals from certain usernames by doing a GET request on this:
http://localhost:8000/api/v1/goal/?user__username=test
But I want to be able to sort by user id instead:
http://localhost:8000/api/v1/goal/?user__id=1
How would I get the second part to work?

Also, what is the general procedure for accessing a currently logged in user's id through Javascript? I am using backbonejs, and I want to do a post for all of a logged in user's goal. I thought about putting a hidden field on the page with the user's id. Then extracting the value of the hidden field from the DOM, but I figured it's easy to use chrome's developer tools to change the id whenever I want. Of course, I will use authentication to check that the logged in user's id matches the one that I extract from the hidden field, though. But what is the accepted way?
解决方案
I am not sure if what I propose here can work in your authorization. It works for me using ApiKeyAuthorization and Authorization. 

I read the idea from: 
http://django-tastypie.readthedocs.org/en/latest/cookbook.html [Section: Creating per-user resources ]

My suggestion is: 

What about uncommenting authentication and authorization, and overriding obj_create and apply_authorization. I am using that in my project, and it works. In the code of the method apply_authorization, I just added the if condition checking for superuser, you can just return the object_list+filter without checking that (I do it cause if is not superuser, I return data related to groups of users). 
class GoalResource(ModelResource):
  user = fields.ForeignKey(UserResource, 'user')

  class Meta:
    authentication = BasicAuthentication()
    authorization = ReadOnlyAuthorization()
    queryset = Goal.objects.all()
    resource_name = 'goal'
    filtering = {
      'user': ALL_WITH_RELATIONS,
    }

   def obj_create(self, bundle, request=None, **kwargs):
       return super(EnvironmentResource, self).obj_create(bundle, request, user=request.user)


   def apply_authorization_limits(self, request, object_list):
       if request.user.is_superuser:
           return object_list.filter(user__id=request.GET.get('user__id',''))
Hope is what you were asking, and it helps. 
best with that! 

                        
这篇关于如何使用用户标识用tastypie过滤对象？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！