Django Rest Framework - 用户字段不能为空

Question

我正在学习 Django 和 Django Rest Framework 来创建 API，但当我运行此命令时无法理解为什么:

http --json POST http://127.0.0.1:8000/api/v1/stocks/ book_code='Abook' 'Authorization: Token 123243434354353'

我收到一条错误消息:

HTTP/1.0 400 Bad Request
Allow: GET, POST, HEAD, OPTIONS
Content-Type: application/json
Date: Thu, 25 May 2017 19:16:37 GMT
Server: WSGIServer/0.2 CPython/3.6.0
Vary: Accept
X-Frame-Options: SAMEORIGIN {
    "user": [
        "This field is required."
    ]}

“用户”字段是必需的，但我希望它根据我提供的 token (即经过身份验证的用户)填充用户。

这是bookstock/models.py:

from django.db import models
from django.contrib.auth.models import User

class Stock(models.Model):
'''
Model representing the stock info.
'''
user = models.ForeignKey(User)
book_code = models.CharField(max_length=14, null=True, blank=True)

def __str__(self):
    return self.book_code

这是api/serializer.py:

from bookstock.models import Stock
from rest_framework import serializers

class StockSerializer(serializers.ModelSerializer):

    class Meta:
        model = Stock
        fields = ('id', 'user', 'book_code')

这是api/views.py:

from rest_framework import generics
from bookstock.models import Stock
from api.serializers import StockSerializer
from rest_framework.permissions import IsAuthenticated

class StockList(generics.ListCreateAPIView):
    serializer_class = StockSerializer
    permission_classes = (IsAuthenticated,)

    def get_queryset(self):
        user = self.request.user
        return Stock.objects.filter(user=user)

    def perform_create(self, serializer):
        serializer.save(user=self.request.user, )

    def perform_update(self, serializer):
        serializer.save(user=self.request.user)

这是api/urls.py:

from django.conf.urls import url, include
from api import views
from rest_framework.authtoken.views import obtain_auth_token

urlpatterns = [
    url(r'^v1/stocks/$', views.StockList.as_view()),
    url(r'^v1/api-token-auth/', obtain_auth_token),
    url(r'v1/api-auth/', include('rest_framework.urls', namespace='rest_framework')),

]

我错过了什么？根据SO的答案，perform_create和perform_update覆盖应该填充用户，对吧？

Answer 1

perform_create 方法由 View 的 create 方法在序列化器验证后调用。在此阶段，DRF 将找到并标记丢失的用户字段: https://github.com/encode/django-rest-framework/blob/master/rest_framework/mixins.py#L14

有多种方法可以解决这个问题，即将序列化器字段设置为 read_only=True 或覆盖序列化器上的 validate_user 方法。

我认为最优雅的方式是使用 DRF 的 currentuserdefault 验证器:http://www.django-rest-framework.org/api-guide/validators/#currentuserdefault

user = serializers.HiddenField(default=serializers.CurrentUserDefault())

(将 HiddenField 替换为 CharField 或您喜欢的任何内容)