我有一个通用的api视图,我想同时使用它来放置,删除(以及最终更新)特定模型的记录,但是我对在Django中删除记录的最佳做法感到困惑。我应该使用内置的delete方法,还是定义自己的方法?我是否可以在GenericAPIView上将其作为DELETE或“ destroy”方法进行处理。我不想只允许任何人删除记录,因此我需要首先验证他们是创建记录的同一用户。通过某些帐户,听起来好像Django允许您仅使用身份验证和ID删除记录。如果为true,如何禁用此行为?
感谢您提供有关这些各种问题的任何代码或指南。
frontend.js
const deleteRow = (id) => {
alert(id)
fetch(`${SERVER_URL}/api/v1/requirements/related_files/${id}`, {
method: 'DELETE',
credentials: 'include',
headers: {
Accept: 'application/json, text/plain, */*',
'Content-Type': 'application/json',
Authorization: `Token ${token}`,
},
views.py
class CommentsView(GenericAPIView):
authentication_classes = (TokenAuthentication,)
serializer_class = CommentsSerializer
def post(self, request):
request.data['user'] = request.user.id
comment = CommentsSerializer(data=request.data)
if comment.is_valid():
comment.save()
return Response(comment.data, status=status.HTTP_201_CREATED)
return Response(comment.errors, status=status.HTTP_400_BAD_REQUEST)
def delete(self,request):
???? what do I do here ????
答案 0 :(得分:2)
URL应该包含要删除它的对象。我们假设urls.py类似于:
url(r'^/api/v1/requirements/related_files/(?P<comment_id>[0-9]+)/$', views.CommentsView.as_view())
然后在delete部分,我们只需要拥有comment_id:
class CommentsView(GenericAPIView):
authentication_classes = (TokenAuthentication,)
serializer_class = CommentsSerializer
def post(self, request):
request.data['user'] = request.user.id
comment = CommentsSerializer(data=request.data)
if comment.is_valid():
comment.save()
return Response(comment.data, status=status.HTTP_201_CREATED)
return Response(comment.errors, status=status.HTTP_400_BAD_REQUEST)
def delete(self,request):
comment_id = self.kwargs["comment_id"]
comment = get_object_or_404(Comment, id=comment_id)
comment.delete()
return Response(status=204)
答案 1 :(得分:1)
您还可以在GenericViewSet旁边使用mixins,即UpdateModelMixin和DestroyModelMixin。
class CommentsViewSet(UpdateModelMixin, DestroyModelMixin, GenericViewSet):
authentication_classes = (TokenAuthentication,)
serializer = CommentsSerializer
Model = Comments // Write your model name here
queryset = Comments.objects.all()
然后,您的网址将如下所示,因为使用ViewSet时,您应该使用路由器。
from rest_framework.routers import DefaultRouter
router = DefaultRouter()
router.register(r'^requirements/related_files/', views.CommentsViewSet)
urlpatterns = {
path("/api/v1/", include(router.urls))
}
答案 2 :(得分:1)
使用内置行为很好,只是子类rest_framework.viewsets.ModelViewSet-它具有所有通常的创建/更新/删除功能。如果要保护删除,请添加自己的权限类。
from rest_framework.permissions import BasePermission
class OnlyOwnerDeletePermission(BasePermission):
def has_object_permission(self, request, view, obj):
if request.method == "DELETE":
return request.user.id == obj.user_id # prevent fetching whole user model
return True # anyone can do any other action