Updating foreign key

Stats Student

Jan 3, 2021, 2:35:20 AM
to django-res...@googlegroups.com
Hi, I have a basic one-to-many foreign key relationship (each product
has a company associated with it, one company can have multiple
products). I do not specify an explicit serializer relation for this
field (e.g. PrimaryKeyRelatedField) so it's using the FK definition
from the models ( company = models.ForeignKey(Company, models.CASCADE,
blank=True, null=True) )

I have overridden the .create() method in the Product serializer
(inherits from ModelSerializer) to use the company name that's passed
in, to look up the relevant ID (or create a new record) and assign it
to " validated_data['company'] = company_obj " and it works fine.

However, on the update (PATCH) where I also pass in the company name,
I get a validation error saying that it expects a primary key instead
of the name ("Incorrect type. Expected pk value, received str"). I
have added breakpoints in .update() and .partial_update() of the
Product serializer but the error seems to come from an earlier
validation routine. Could someone suggest where I can intercept the
validation process to translate the company name into an object and
put in validated_data['company'] , the same way I am doing in
.create() ?

I tried adding a field level validation, but that doesn't seem to make
a difference.

def validate_company(self, value):
    c, created = Company.objects.get_or_create(name=value)
    return c


TIA

Carl Nobile

Jan 3, 2021, 10:16:13 AM
to django-res...@googlegroups.com
First, never use the PK that Django generates as a way to access a record through an API. These types of PKs are a numeric sequence and can leave your site open to sequence attacks where an attacker tries a long series of numbers to access all or many of your records. Use a public ID of some sort; you can use a UUID or generate your own complex ID.
There should be no reason you should not be able to access a record with a company name. There is nothing in Django or DRF that would prevent that. You must have something in your code that is preventing it.

~Carl


--
-------------------------------------------------------------------------------
Carl J. Nobile (Software Engineer)
carl....@gmail.com
-------------------------------------------------------------------------------

Lakshman Kumar

Jan 3, 2021, 11:06:28 AM
to django-res...@googlegroups.com
Hi, 
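Please let me know how to write create methods in class-based views. The X table contains A, B, C, D foreign keys. Example:

class X(models.Model):
    a = models.ForeignKey(A, on_delete=models.CASCADE)
    # b, c and d are foreign keys to B, C and D, declared the same way
    b = models.ForeignKey(B, on_delete=models.CASCADE)
    c = models.ForeignKey(C, on_delete=models.CASCADE)
    d = models.ForeignKey(D, on_delete=models.CASCADE)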


Thanks and regards. 
Lakshman


Stats Student

Jan 6, 2021, 11:45:38 AM
to django-res...@googlegroups.com
My endpoints all require authentication and each user only has access to his/her data, so no issues with sequence attacks.

Stats Student

Jan 6, 2021, 11:50:31 AM
to django-res...@googlegroups.com

Also, make sure that you are submitting properly nested JSON when making requests. So in their example where each comment has a foreign key to a user record, you need to reflect that in your Comment JSON, like so - {"content": "this is content", "user": { "username": "foo" } }
