如何使用用户标识用tastypie过滤对象? [英] How to filter objects by user id with tastypie?
问题描述
我有以下用户资源:
class UserResource(ModelResource):
class Meta:
queryset = User.objects.all()
resource_name ='user'
fields = ['username','first_name','last_name']
allowed_methods = ['get']
filters = {
'username':ALL,
'id':ALL,
}
和以下模型资源:
类GoalResource(ModelResource):
pre>
user = fields.ForeignKey(UserResource,'user')
class Meta:
#authentication = BasicAuthentication()
#authorization = ReadOnlyAuthorization()
queryset =目标.objects.all()
resource_name ='goal'
filters = {
'user':ALL_WITH_RELATIONS,
}
我想通过用户ID而不是用户名过滤目标。
我可以得到列表o通过对此执行GET请求,从某些用户名的目标:
http:// localhost:8000 / api / v1 / goal /?user__username = test
但是我想要按用户ID排序:
http:// localhost:8000 / api / v1 / goal /?user__id = 1
如何让第二部分工作?
另外,一般程序是什么通过Javascript访问当前登录的用户ID?我正在使用骨干,我想为所有登录用户的目标做一个帖子。我想到在用户的id的页面上放置一个隐藏的字段。然后从DOM中提取隐藏字段的值,但我认为使用chrome的开发人员工具可以随时更改ID。当然,我会使用身份验证来检查登录用户的id是否与隐藏字段中提取的id匹配。但是接受的方式是什么?
解决方案我不知道我在这里提出的建议是否可以在您的授权中工作。它适用于我使用ApiKeyAuthorization和Authorization。
我从以下网址阅读了这个想法:
http://django-tastypie.readthedocs.org/en/latest/cookbook.html [部分:创建每用户资源]
我的建议是:
如何取消注释认证和授权,并覆盖obj_create和apply_authorization。我在我的项目中使用它,它的工作原理。在方法apply_authorization的代码中,我刚刚添加了对超级用户的if条件检查,只需返回object_list +过滤器,而不检查(我做的,如果不是超级用户,则返回与用户组相关的数据)。
类GoalResource(ModelResource):
user = fields.ForeignKey(UserResource,'user')
class Meta:
authentication = BasicAuthentication()
authorization = ReadOnlyAuthorization()
queryset = Goal.objects.all()
resource_name ='goal'
filtering = {
'user':ALL_WITH_RELATIONS,
}
def obj_create(self,bundle,request = None,** kwargs):
return super环境资源,自身).obj_create(bundle,request,user = request.user)
def apply_authorization_limits(self,request,object_list):
如果request.user.is_superuser:
return object_list.filter(user__id = request.GET.get('user__id',''))
$ b $希望是你所要求的,它有帮助。
最好的!I have the following user resource:
class UserResource(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' fields = ['username', 'first_name', 'last_name'] allowed_methods = ['get'] filtering = { 'username': ALL, 'id': ALL, }
and the following model resource:
class GoalResource(ModelResource): user = fields.ForeignKey(UserResource, 'user') class Meta: #authentication = BasicAuthentication() #authorization = ReadOnlyAuthorization() queryset = Goal.objects.all() resource_name = 'goal' filtering = { 'user': ALL_WITH_RELATIONS, }
I want to be able to filter the goal by user id rather than username.
I can get a list of goals from certain usernames by doing a GET request on this:
http://localhost:8000/api/v1/goal/?user__username=test
But I want to be able to sort by user id instead:
http://localhost:8000/api/v1/goal/?user__id=1
How would I get the second part to work?
Also, what is the general procedure for accessing a currently logged in user's id through Javascript? I am using backbonejs, and I want to do a post for all of a logged in user's goal. I thought about putting a hidden field on the page with the user's id. Then extracting the value of the hidden field from the DOM, but I figured it's easy to use chrome's developer tools to change the id whenever I want. Of course, I will use authentication to check that the logged in user's id matches the one that I extract from the hidden field, though. But what is the accepted way?
解决方案I am not sure if what I propose here can work in your authorization. It works for me using ApiKeyAuthorization and Authorization.
I read the idea from: http://django-tastypie.readthedocs.org/en/latest/cookbook.html [Section: Creating per-user resources ]
My suggestion is:
What about uncommenting authentication and authorization, and overriding obj_create and apply_authorization. I am using that in my project, and it works. In the code of the method apply_authorization, I just added the if condition checking for superuser, you can just return the object_list+filter without checking that (I do it cause if is not superuser, I return data related to groups of users).
class GoalResource(ModelResource): user = fields.ForeignKey(UserResource, 'user') class Meta: authentication = BasicAuthentication() authorization = ReadOnlyAuthorization() queryset = Goal.objects.all() resource_name = 'goal' filtering = { 'user': ALL_WITH_RELATIONS, } def obj_create(self, bundle, request=None, **kwargs): return super(EnvironmentResource, self).obj_create(bundle, request, user=request.user) def apply_authorization_limits(self, request, object_list): if request.user.is_superuser: return object_list.filter(user__id=request.GET.get('user__id',''))
Hope is what you were asking, and it helps. best with that!
这篇关于如何使用用户标识用tastypie过滤对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!