diff options
| author | Pavel Savchenko | 2012-10-31 00:37:30 +0200 |
|---|---|---|
| committer | Pavel Savchenko | 2012-10-31 00:37:30 +0200 |
| commit | a3ace366db4c664c88bf76b10b40b4c576c130dd (patch) | |
| tree | e09ee831ac534f2b410c4ea9615cc67a219f558c /docs/tutorial/4-authentication-and-permissions.md | |
| parent | 166025c0fcd0cfdcac1dbcbf31dbfc1d43f666b4 (diff) | |
| download | django-rest-framework-a3ace366db4c664c88bf76b10b40b4c576c130dd.tar.bz2 | |
using 'pk' in fields throws KeyError
add missing imports
Browsable API seems to be working fine with FBV's (2.0.0)
removing snippets from the URI doesn't make sense
remain consistent in using SnippetDetail
Diffstat (limited to 'docs/tutorial/4-authentication-and-permissions.md')
| -rw-r--r-- | docs/tutorial/4-authentication-and-permissions.md | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index b0ed8f2a..f85250be 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -59,7 +59,7 @@ Now that we've got some users to work with, we'd better add representations of t class Meta: model = User - fields = ('pk', 'username', 'snippets') + fields = ('id', 'username', 'snippets') Because `'snippets'` is a *reverse* relationship on the User model, it will not be included by default when using the `ModelSerializer` class, so we've needed to add an explicit field for it. @@ -85,7 +85,7 @@ Right now, if we created a code snippet, there'd be no way of associating the us The way we deal with that is by overriding a `.pre_save()` method on our snippet views, that allows us to handle any information that is implicit in the incoming request or requested URL. -On **both** the `SnippetList` and `SnippetInstance` view classes, add the following method: +On **both** the `SnippetList` and `SnippetDetail` view classes, add the following method: def pre_save(self, obj): obj.owner = self.request.user @@ -112,7 +112,11 @@ Now that code snippets are associated with users we want to make sure that only REST framework includes a number of permission classes that we can use to restrict who can access a given view. In this case the one we're looking for is `IsAuthenticatedOrReadOnly`, which will ensure that authenticated requests get read-write access, and unauthenticated requests get read-only access. -Add the following property to **both** the `SnippetList` and `SnippetInstance` view classes. +First add the following import in the views module + + from rest_framework import permissions + +Then, add the following property to **both** the `SnippetList` and `SnippetDetail` view classes. permission_classes = (permissions.IsAuthenticatedOrReadOnly,) @@ -169,7 +173,7 @@ In the snippets app, create a new file, `permissions.py` # Write permissions are only allowed to the owner of the snippet return obj.owner == request.user -Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetInstance` class: +Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: permission_classes = (permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly,) |