Change the default route of a view
60 views
Skip to first unread message
Fernando Miranda
Jul 26, 2018, 4:10:55 PM7/26/18
to Django users
Hello, I'm using Django Rest Framework, I was wondering if you have how to change the default url of an endpoint in a view? In
case it is a view of account where I wanted the retrieve method to be
without / {id} this also for the delete and edit because I will identify
the user by the token passed in the header.
Jason
Jul 27, 2018, 7:10:19 AM7/27/18
to Django users
you can probably do this with overriding a few things, but for me, your use case has some major problems. you're effectively breaking away from the basics of REST.
If you want to implement some sort of non-sequential identifiers for users/resources, use UUIDs. Any token passed in the headers should be used for auth only, not contain explicit routing values.
Fernando Miranda
Jul 27, 2018, 10:36:52 AM7/27/18
to Django users
I think I
understood about the rest, the right one to edit for example would be to
have the route of type PUT passing the token OAuth2 in the route and
there I look for the user owner of the token? Or the user ID and check if the authenticated user is the same as the last ID?
Andréas Kühne
Jul 27, 2018, 11:23:24 AM7/27/18
to django...@googlegroups.com
Hi Fernando,
In DRF even with token authentication you will be able to get the currently logged in user via the user object on the request. So request.user will be the user doing the request.
If you for example want to have an endpoint that is for the current user you could just check the request.user to see which user is doing the request. Then you don't need to use the id from the url.
Regards,
Andréas
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/875eb467-9cd2-492b-9aea-e311bb3da022%40googlegroups.com.
Fernando Miranda
Jul 27, 2018, 1:49:38 PM7/27/18
to Django users
Hi Andrea,
So, I'm getting the user that way, I'm in doubt is how to mount the routes to an account view, where you have the retrieve, update and delete of the current user.
So, I'm getting the user that way, I'm in doubt is how to mount the routes to an account view, where you have the retrieve, update and delete of the current user.
Em sexta-feira, 27 de julho de 2018 12:23:24 UTC-3, Andréas Kühne escreveu:
Hi Fernando,In DRF even with token authentication you will be able to get the currently logged in user via the user object on the request. So request.user will be the user doing the request.If you for example want to have an endpoint that is for the current user you could just check the request.user to see which user is doing the request. Then you don't need to use the id from the url.
Regards,Andréas
2018-07-27 16:36 GMT+02:00 Fernando Miranda <fndmi...@gmail.com>:
I think I understood about the rest, the right one to edit for example would be to have the route of type PUT passing the token OAuth2 in the route and there I look for the user owner of the token? Or the user ID and check if the authenticated user is the same as the last ID?
Em sexta-feira, 27 de julho de 2018 08:10:19 UTC-3, Jason escreveu:you can probably do this with overriding a few things, but for me, your use case has some major problems. you're effectively breaking away from the basics of REST.If you want to implement some sort of non-sequential identifiers for users/resources, use UUIDs. Any token passed in the headers should be used for auth only, not contain explicit routing values.
On Thursday, July 26, 2018 at 4:10:55 PM UTC-4, Fernando Miranda wrote:Hello, I'm using Django Rest Framework, I was wondering if you have how to change the default url of an endpoint in a view? In case it is a view of account where I wanted the retrieve method to be without / {id} this also for the delete and edit because I will identify the user by the token passed in the header.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
Andréas Kühne
Jul 29, 2018, 3:50:25 AM7/29/18
to django...@googlegroups.com
If you are using DRF with normal URLs you just create a view that inherits from the delete, update and retrieve mixins. Something like this should work:
from rest_framework import generics, mixins, permissions
User = get_user_model()
class UserProfileChangeAPIView(generics.RetrieveAPIView,
mixins.DestroyModelMixin,
mixins.UpdateModelMixin):
permission_classes = (
permissions.IsAuthenticated,
)
serializer_class = UserProfileChangeSerializer
def get_object(self):
return self.request.user
def delete(self, request, *args, **kwargs):
return self.destroy(request, *args, **kwargs)
def put(self, request, *args, **kwargs):
return self.update(request, *args, **kwargs)
You need to import the get_user_model and the UserProdilfChangeSerializer (or whatever you called your serializer for the profile).
Regards,
Andréas
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/554e0c24-29d7-474a-982b-cb40838b2b14%40googlegroups.com.
Fernando Miranda
Jul 30, 2018, 9:59:25 AM7/30/18
to Django users
Andréas, but in this case what is the PUT url for example, with profile / {id}? And in the id parameter you pass the userid or token of OAuth2?
Thank you
Thank you
Andréas
Jason
Jul 30, 2018, 11:35:08 AM7/30/18
to Django users
its not a url, its a http verb. rely on those for API requests.
and it would be a user ID for that request. if you're using oauth tokens, that should be handled in your view authenticator, not the view itself
Andréas Kühne
Jul 31, 2018, 5:03:28 AM7/31/18
to django...@googlegroups.com
For the view that I wrote, you won't need an id in the request or on the url at all. It uses the currently logged in user for all of the requests.
You will need to pass some kind of token in the request - so that you know which user is logged in.
But the url could be something like this:
urlpatterns = [
path('/profile', views.UserProfileChangeAPIView.as_view(), name='profile'),
]
That way the /profile url would be used for the view.
Regards,
Andréas
2018-07-30 17:35 GMT+02:00 Jason <jjohn...@gmail.com>:
its not a url, its a http verb. rely on those for API requests.and it would be a user ID for that request. if you're using oauth tokens, that should be handled in your view authenticator, not the view itself
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c36b4a7e-3c53-4805-9e45-35e22eb20357%40googlegroups.com.
Fernando Miranda
Aug 4, 2018, 8:44:04 PM8/4/18
to Django users
Andréas, that's exactly what I want, but it does not show up in swagger or api docs. Another
question I am still is whether by good practices and or convensions the
restful pattern should I always pass the id in the url to detail, or
can I do what I am wanting, anyone would know?
Em terça-feira, 31 de julho de 2018 06:03:28 UTC-3, Andréas Kühne escreveu:
For the view that I wrote, you won't need an id in the request or on the url at all. It uses the currently logged in user for all of the requests.You will need to pass some kind of token in the request - so that you know which user is logged in.But the url could be something like this:urlpatterns = [path('/profile', views.UserProfileChangeAPIView.as_view(), name='profile'),]That way the /profile url would be used for the view.
Regards,Andréas
2018-07-30 17:35 GMT+02:00 Jason <jjohn...@gmail.com>:
its not a url, its a http verb. rely on those for API requests.and it would be a user ID for that request. if you're using oauth tokens, that should be handled in your view authenticator, not the view itself
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
Jason
Aug 5, 2018, 6:25:00 AM8/5/18
to Django users
well, it was said early on you were avoiding good practices and established convention with this, so I'm not surprised its not being incorporated into the auto-generated api docs.
Muhammad Ibrahim
Aug 5, 2018, 8:08:46 AM8/5/18
to django...@googlegroups.com
please can you elaborate . Am just a beginner
On Sun, 05 Aug 2018, 11:25 AM Jason <jjohn...@gmail.com> wrote:
well, it was said early on you were avoiding good practices and established convention with this, so I'm not surprised its not being incorporated into the auto-generated api docs.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9e9121fe-7bf3-448d-a7da-10c253ba8cc7%40googlegroups.com.
Muhammad Ibrahim
Aug 5, 2018, 8:08:49 AM8/5/18
to django...@googlegroups.com
Am using django 2.1
On Sun, 05 Aug 2018, 11:25 AM Jason <jjohn...@gmail.com> wrote:
well, it was said early on you were avoiding good practices and established convention with this, so I'm not surprised its not being incorporated into the auto-generated api docs.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9e9121fe-7bf3-448d-a7da-10c253ba8cc7%40googlegroups.com.
Andréas Kühne
Aug 6, 2018, 4:34:11 AM8/6/18
to django...@googlegroups.com
Hi,
Are you logged in when creating the swagger docs? Because it will not show up when not logged in....
Regards,
Andréas
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ffa8dcc5-1d52-4c71-b811-40c9b16c4042%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages