删除对象tastypie

Question

我有以下型号：

class Poster(models.Model) 
    user = models.OneToOneField(User, primary=True) 
    userpicture = models.CharField(max_length = 128 =True) 

class Posts(models.Model) 
    poster = models.ForeignKey(Poster, related_name = 'post_owner') 
    url = models.CharField(max_length = 128) 
    time = models.DateTimeField(auto_now_add=True) 

class Comment(models.Model): 
    user = models.ForeignKey(Poster) 
    post = models.ForeignKey(Posts) 
    time = models.DateTimeField(auto_now_add=True) 
    comment = models.CharField(max_length=140) 

海报可以使桩和其他海报可以对信息发表评论。有点像博客的作品。我想这样做是为了让帖子所有者可以选择删除他自己的评论和其他帖子对他帖子的评论。

我该如何去做这件事？

我目前正在使用Django Tastypie。这是我当前的资源：

class DeleteComment(ModelResource): 
    class Meta: 
      queryset = Comment.objects.all() 
      allowed_methods = ['delete'] 
      resource_name = 'comment-delete' 
      excludes = ['id', 'comment', 'post', 'time'] 
      authorization = Authorization() 
      authentication = BasicAuthentication() 
      include_resource_uri = False 
      always_return_data = True 

但是，这工作！这允许任何用户删除任何评论，即使它不是自己的不好！怎么样？

通过简单地发送一个DELETE 请求：myapp.com:8000/v1/posts/comment-delete/ /它会删除该具有ID的的注释对象。这是设置失败的地方。

我需要一种方式，只有帖子的帖子所有者可以删除他的评论和其他人在他帖子上的评论。

Answer 1

如在tastyie cookbook中所述。也许你可以这样做：

class DeleteComment(ModelResource): 

    def obj_delete(self, bundle, **kwargs): 
     # get post id 
     comment = Comment.objects.get(pk=bundle.data.id) # or or whatever way you can get the id 
     # delete all comments with that post id 
     Comment.objects.filter(post=comment.post).delete() 
     return super(DeleteComment, self).obj_delete(bundle, user=bundle.request.user) 

    def apply_authorization_limits(self, request, object_list): 
     return object_list.filter(user=request.user) 

Answer 2

这是最好的执行Authorization。

您需要实现delete_detail方法返回真或假，例如：

def delete_detail(self, object_list, bundle): 
    return bundle.obj.user == bundle.request.user