当我收到 POST
对 Django REST 框架的请求 APIView
类,我想过滤/验证传递的参数以防止它们被修改。例如,对于这个序列化程序:
class MediaSerializer(serializers.ModelSerializer):
class Meta:
model = Media
fields = ('id', 'title', 'content', 'url', 'createdByUser', 'karma', 'type', 'issue', 'creationDate', 'updatedDate')
一些参数如id
, creationDate
或 createdByUser
不应该被修改。所以对于我的类(class) class MediaDetail(APIView)
我有:def validateRequest(self):
user = self.request.data.get('createdByUser', None)
karma = self.request.data.get('karma', None)
creationDate = self.request.data.get('creationDate', None)
if user is not None or karma is not None or creationDate is not None:
return Response(status=status.HTTP_400_BAD_REQUEST)
@method_decorator(login_required)
def post(self, request, pk, format=None):
self.validateRequest()
media = self.get_object(pk)
self._throwIfNotMediaAuthor(media, request.user)
serializer = MediaSerializer(media, data=request.data)
if serializer.is_valid():
# serializer.save()
return Response(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
有没有更好的方法来进行这种验证?也许在序列化器上?我找不到足够的文档。
最佳答案
是的,您可以使用 read_only_fields
序列化程序的参数 Meta
.
关于如何在当前 View 中使用的示例(假设您想在 POST
时根据 REST's guidelines 创建一个对象,对其稍作修改):
class MediaSerializer(serializers.ModelSerializer):
class Meta:
model = Media
read_only_fields = ('id', 'karma', 'createdByUser', 'creationDate')
...
@method_decorator(login_required)
def post(self, request, pk, format=None):
serializer = MediaSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save(createdByUser=request.user, creationDate=timezone.now().date(), karma=initial_value)
return Response(serializer.data, status=status.HTTP_201_CREATED)
关于python - Django rest 框架验证 POST 请求参数的最佳方式,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54867133/