gpt4 book ai didi

python - 从 tastypie 上的资源中删除列表端点

转载 作者:太空宇宙 更新时间:2023-11-03 15:20:01 26 4
gpt4 key购买 nike

我的 api 上有一个总是返回登录用户的资源。该资源是只读的。我希望列表 uri 充当详细信息 uri,并删除详细信息 url。

因此,/api/v1/user/ 将返回登录的用户,而任何其他 url 都会失败。这就是我为实现这一目标所做的:

class UserResource(ModelResource):
class Meta:
queryset = User.objects.all()
fields = ['email', 'name']
authentication = MultiAuthentication(SessionAuthentication(), BasicAuthentication())
authorization = Authorization()
list_allowed_methods = []
detail_allowed_methods = ['get']

def base_urls(self):
'''
The list endpoint behaves as the list endpoint.
'''
return [
url(r"^(?P<resource_name>%s)%s$" % (self._meta.resource_name, trailing_slash()), self.wrap_view('dispatch_detail'), name="api_dispatch_detail"),
url(r"^(?P<resource_name>%s)/schema%s$" % (self._meta.resource_name, trailing_slash()), self.wrap_view('get_schema'), name="api_get_schema")
]

def obj_get(self, bundle, **kwargs):
'''
Always returns the logged in user.
'''
return bundle.request.user

def get_resource_uri(self, bundle_or_obj=None, url_name='api_dispatch_detail'):
bundle_or_obj = None
try:
return self._build_reverse_url(url_name, kwargs=self.resource_uri_kwargs(bundle_or_obj))
except NoReverseMatch:
return ''

我使用 base_urls() 而不是 prepend_urls() 因为我想删除其他 url。

它工作正常,但是当我点击 /api/v1/ url 时,我得到这个错误:

Traceback:
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/Django-1.5-py2.7.egg/django/core/handlers/base.py" in get_response
115. response = callback(request, *callback_args, **callback_kwargs)
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/django_tastypie-0.9.15-py2.7.egg/tastypie/api.py" in wrapper
80. return getattr(self, view)(request, *args, **kwargs)
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/django_tastypie-0.9.15-py2.7.egg/tastypie/api.py" in top_level
137. 'resource_name': name,
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/django_tastypie-0.9.15-py2.7.egg/tastypie/api.py" in _build_reverse_url
166. return reverse(name, args=args, kwargs=kwargs)
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/Django-1.5-py2.7.egg/django/core/urlresolvers.py" in reverse
496. return iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs))
File "/home/vagrant/workspace/expenses/venv/local/lib/python2.7/site-packages/Django-1.5-py2.7.egg/django/core/urlresolvers.py" in _reverse_with_prefix
416. "arguments '%s' not found." % (lookup_view_s, args, kwargs))

Exception Type: NoReverseMatch at /api/v1/
Exception Value: Reverse for 'api_dispatch_list' with arguments '()' and keyword arguments '{'api_name': u'v1', 'resource_name': 'user'}' not found.

它正在尝试到达丢失的列表端点。我该如何摆脱它?

谢谢。


感谢 Rudy 的指导,我得到了以下结果:

class UserResource(ModelResource):
class Meta:
queryset = User.objects.all()
fields = ['email', 'name']
authentication = MultiAuthentication(SessionAuthentication(), BasicAuthentication())
authorization = Authorization()
list_allowed_methods = []
detail_allowed_methods = ['get']

def dispatch_list(self, request, **kwargs):
return self.dispatch_detail(request, **kwargs)

def obj_get(self, bundle, **kwargs):
'''
Always returns the logged in user.
'''
return bundle.request.user

def get_resource_uri(self, bundle_or_obj=None, url_name='api_dispatch_list'):
bundle_or_obj = None
try:
return self._build_reverse_url(url_name, kwargs=self.resource_uri_kwargs(bundle_or_obj))
except NoReverseMatch:
return ''

最佳答案

您应该使用自定义授权类来阻止列表端点并优雅地引发错误,而不是将 URL 一起删除,这样它仍然可以很好地与 Tastypie 配合使用。

class UserObjectsOnlyAuthorization(Authorization):
def read_list(self, object_list, bundle):
raise Unauthorized("Sorry, no list reads.")

def read_detail(self, object_list, bundle):
# Is the requested object the user?
return bundle.obj == bundle.request.user

def create_list(self, object_list, bundle):
raise Unauthorized("Sorry, no creates.")

def create_detail(self, object_list, bundle):
raise Unauthorized("Sorry, no creates.")

def update_list(self, object_list, bundle):
raise Unauthorized("Sorry, no updates.")

def update_detail(self, object_list, bundle):
raise Unauthorized("Sorry, no updates.")

def delete_list(self, object_list, bundle):
# Sorry user, no deletes for you!
raise Unauthorized("Sorry, no deletes.")

def delete_detail(self, object_list, bundle):
raise Unauthorized("Sorry, no deletes.")

编辑:

如果您想强制此 API 始终是“详细信息”请求,那么您可以覆盖 Tastypie 的内置函数。基本上,如果您在 URL 中指定一个 ID,那么 tastypie 会将其路由为一个 _detail 请求,如果您不这样做,它会将其路由为一个 _list 请求。如果您覆盖检测到这一点的调度函数,您可以将对此资源的所有请求更改为 _detail 并指定主键是什么来查找您的用户。这可能有点 hacky,但会完成你想要的:

def dispatch(self, request_type, request, **kwargs):
# Force this to be a single User object
return super(UserResource, self).dispatch('detail', request, **kwargs)

def get_detail(self, request, **kwargs):
# Place the authenticated user's id in the get detail request
kwargs['id'] = request.user.pk
return super(UserResource, self).get_detail(request, **kwargs)

关于python - 从 tastypie 上的资源中删除列表端点,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16578123/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com