--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/875eb467-9cd2-492b-9aea-e311bb3da022%40googlegroups.com.
Hi Fernando,In DRF even with token authentication you will be able to get the currently logged in user via the user object on the request. So request.user will be the user doing the request.If you for example want to have an endpoint that is for the current user you could just check the request.user to see which user is doing the request. Then you don't need to use the id from the url.
Regards,Andréas
2018-07-27 16:36 GMT+02:00 Fernando Miranda <fndmi...@gmail.com>:
I think I understood about the rest, the right one to edit for example would be to have the route of type PUT passing the token OAuth2 in the route and there I look for the user owner of the token? Or the user ID and check if the authenticated user is the same as the last ID?
Em sexta-feira, 27 de julho de 2018 08:10:19 UTC-3, Jason escreveu:you can probably do this with overriding a few things, but for me, your use case has some major problems. you're effectively breaking away from the basics of REST.If you want to implement some sort of non-sequential identifiers for users/resources, use UUIDs. Any token passed in the headers should be used for auth only, not contain explicit routing values.
On Thursday, July 26, 2018 at 4:10:55 PM UTC-4, Fernando Miranda wrote:Hello, I'm using Django Rest Framework, I was wondering if you have how to change the default url of an endpoint in a view? In case it is a view of account where I wanted the retrieve method to be without / {id} this also for the delete and edit because I will identify the user by the token passed in the header.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
from rest_framework import generics, mixins, permissions
User = get_user_model()
class UserProfileChangeAPIView(generics.RetrieveAPIView,
mixins.DestroyModelMixin,
mixins.UpdateModelMixin):
permission_classes = (
permissions.IsAuthenticated,
)
serializer_class = UserProfileChangeSerializer
def get_object(self):
return self.request.user
def delete(self, request, *args, **kwargs):
return self.destroy(request, *args, **kwargs)
def put(self, request, *args, **kwargs):
return self.update(request, *args, **kwargs)
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/554e0c24-29d7-474a-982b-cb40838b2b14%40googlegroups.com.
Andréas
its not a url, its a http verb. rely on those for API requests.and it would be a user ID for that request. if you're using oauth tokens, that should be handled in your view authenticator, not the view itself
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c36b4a7e-3c53-4805-9e45-35e22eb20357%40googlegroups.com.
For the view that I wrote, you won't need an id in the request or on the url at all. It uses the currently logged in user for all of the requests.You will need to pass some kind of token in the request - so that you know which user is logged in.But the url could be something like this:urlpatterns = [path('/profile', views.UserProfileChangeAPIView.as_view(), name='profile'),]That way the /profile url would be used for the view.
Regards,Andréas
2018-07-30 17:35 GMT+02:00 Jason <jjohn...@gmail.com>:
its not a url, its a http verb. rely on those for API requests.and it would be a user ID for that request. if you're using oauth tokens, that should be handled in your view authenticator, not the view itself
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
well, it was said early on you were avoiding good practices and established convention with this, so I'm not surprised its not being incorporated into the auto-generated api docs.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9e9121fe-7bf3-448d-a7da-10c253ba8cc7%40googlegroups.com.
well, it was said early on you were avoiding good practices and established convention with this, so I'm not surprised its not being incorporated into the auto-generated api docs.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9e9121fe-7bf3-448d-a7da-10c253ba8cc7%40googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ffa8dcc5-1d52-4c71-b811-40c9b16c4042%40googlegroups.com.