Django的tastypie填充字段

Question

假设我有：

models.py

class Books(models.Model): 
    owner = models.ForeignKey(User) 
    title = models.CharField(max_length = 100) 

api.py

class UserResource(ModelResource): 
    #blhblahblah as usual 

class BooksResource(ModelResource): 

    owner= fields.ToOneField(UserResource, 'owner') 

    class Meta: 
     queryset = Books.objects.all() 
     authorizarion = Authorization() 

然后，我发出：

curl --dump-header - -H "Content-Type: application/json" -X POST --data "{\"owner\" : \"/api/v1/user/1/\", \"title\" : \"foo\"}" http://localhost:8000/api/data/album/

，它的工作，我得到了我的新Books

然后我尝试添加该到BooksResource

def hydrate_owner(self, bundle): 
    bundle.obj.owner = User.objects.get(pk = bundle.request.user.id) 
    return bundle 

当我没有\"owner\" : \"/api/v1/user/1/\"再做curl摆脱\"owner\" : \"/api/v1/user/1/\"，响应404 not found

然后我尝试不同的方法：

def obj_create(self, bundle, request = None, **kwargs): 
    return super(BooksResource, self).obj_create(bundle, request, owner = User.objects.get(pk = request.user.id)) 

或

def obj_create(self, bundle, request = None, **kwargs): 
    return super(BooksResource, self).obj_create(bundle, request, owner = User.objects.get(pk = bundle.request.user.id)) 

我仍然得到404 not found

能家伙帮我吗？

Answer 1

卫生署，显然这是我愚蠢的错误，

class BooksResource(ModelResource): 

    owner= fields.ToOneField(UserResource, 'owner') 

    class Meta: 
     queryset = Books.objects.all() 
     authorizarion = Authorization() 

     def hydrate_owner(self, bundle): 
      bundle.obj.owner = bundle.request.user.id 
      return bundle 

的错误是压痕！ hydrate_owner假设是BooksResource方法，所以我改变了代码一点，它的工作原理：

class BooksResource(ModelResource): 

    owner= fields.ToOneField(UserResource, 'owner') 

    class Meta: 
     queryset = Books.objects.all() 
     authorizarion = Authorization() 

    def hydrate_owner(self, bundle): 
     bundle.data['owner'] = User.objects.get(pk = bundle.request.user.pk) 
     return bundle 

Answer 2

我开始下来的路径设置为新对象业主这条道路，但这样做的授权检查时上我陷入了麻烦更新请求（去单元测试！）。

设定： 对象A - 从用户Y由用户X 更新请求资修改对象A（其应该失败）

的修改请求的对象A进来以饼图美味从用户Y和水合物覆盖将在物体A的工作副本中将所有者设置为Y.

接下来将请求发送到我的授权对象以检查用户Y是否可以修改对象。我的授权代码在对象中查找，并看到对象的所有者字段为Y，所以我们很好。哎呀！安全漏洞！

我决定做的是重写ResourceModel中的obj_create（）并在那里进行赋值。到现在为止还挺好！

例如

class SmApiNewsItem(ModelResource): 
 
    owner = fields.ForeignKey(SmApiUser, 'owner') 
 
    
 
    class Meta: 
 
     if SMARF_AUTH_ON: 
 
      authentication = ApiKeyAuthentication() 
 
     authorization = ScsGdnAuthVisibleToAllEditOnlyByOwner() 
 
     queryset = SmModelNewsItems.objects.all() 
 
     resource_name = 'news_item' 
 
     filtering = smMakeFilterAllFieldsFilter(SmModelNewsItems) 
 
     ordering = smMakeOrderingFieldList(SmModelNewsItems) 
 
     serializer = SmarfSerializer() 
 

 
    def obj_create(self, bundle, **kwargs): 
 
     bundle.data["owner"] = bundle.request.user 
 
     return super(SmApiNewsItem, self).obj_create(bundle, **kwargs)