diff options
Diffstat (limited to 'docs/api-guide/serializers.md')
| -rw-r--r-- | docs/api-guide/serializers.md | 902 |
1 files changed, 713 insertions, 189 deletions
diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index a1f0853e..aad2236f 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -1,4 +1,4 @@ -<a class="github" href="serializers.py"></a> +source: serializers.py # Serializers @@ -10,48 +10,36 @@ will take some serious design work. Serializers allow complex data such as querysets and model instances to be converted to native Python datatypes that can then be easily rendered into `JSON`, `XML` or other content types. Serializers also provide deserialization, allowing parsed data to be converted back into complex types, after first validating the incoming data. -REST framework's serializers work very similarly to Django's `Form` and `ModelForm` classes. It provides a `Serializer` class which gives you a powerful, generic way to control the output of your responses, as well as a `ModelSerializer` class which provides a useful shortcut for creating serializers that deal with model instances and querysets. +The serializers in REST framework work very similarly to Django's `Form` and `ModelForm` classes. We provide a `Serializer` class which gives you a powerful, generic way to control the output of your responses, as well as a `ModelSerializer` class which provides a useful shortcut for creating serializers that deal with model instances and querysets. ## Declaring Serializers Let's start by creating a simple object we can use for example purposes: + from datetime import datetime + class Comment(object): def __init__(self, email, content, created=None): self.email = email self.content = content - self.created = created or datetime.datetime.now() - + self.created = created or datetime.now() + comment = Comment(email='leila@example.com', content='foo bar') -We'll declare a serializer that we can use to serialize and deserialize `Comment` objects. +We'll declare a serializer that we can use to serialize and deserialize data that corresponds to `Comment` objects. Declaring a serializer looks very similar to declaring a form: + from rest_framework import serializers + class CommentSerializer(serializers.Serializer): email = serializers.EmailField() content = serializers.CharField(max_length=200) created = serializers.DateTimeField() - def restore_object(self, attrs, instance=None): - """ - Given a dictionary of deserialized field values, either update - an existing model instance, or create a new model instance. - """ - if instance is not None: - instance.email = attrs.get('email', instance.email) - instance.content = attrs.get('content', instance.content) - instance.created = attrs.get('created', instance.created) - return instance - return Comment(**attrs) - -The first part of serializer class defines the fields that get serialized/deserialized. The `restore_object` method defines how fully fledged instances get created when deserializing data. - -The `restore_object` method is optional, and is only required if we want our serializer to support deserialization into fully fledged object instances. If we don't define this method, then deserializing data will simply return a dictionary of items. - ## Serializing objects -We can now use `CommentSerializer` to serialize a comment, or list of comments. Again, using the `Serializer` class looks a lot like using a `Form` class. +We can now use `CommentSerializer` to serialize a comment, or list of comments. Again, using the `Serializer` class looks a lot like using a `Form` class. serializer = CommentSerializer(comment) serializer.data @@ -59,38 +47,106 @@ We can now use `CommentSerializer` to serialize a comment, or list of comments. At this point we've translated the model instance into Python native datatypes. To finalise the serialization process we render the data into `json`. + from rest_framework.renderers import JSONRenderer + json = JSONRenderer().render(serializer.data) json # '{"email": "leila@example.com", "content": "foo bar", "created": "2012-08-22T16:20:09.822"}' ## Deserializing objects - -Deserialization is similar. First we parse a stream into Python native datatypes... - stream = StringIO(json) +Deserialization is similar. First we parse a stream into Python native datatypes... + + from django.utils.six import BytesIO + from rest_framework.parsers import JSONParser + + stream = BytesIO(json) data = JSONParser().parse(stream) -...then we restore those native datatypes into a fully populated object instance. +...then we restore those native datatypes into a dictionary of validated data. serializer = CommentSerializer(data=data) serializer.is_valid() # True - serializer.object - # <Comment object at 0x10633b2d0> - >>> serializer.deserialize('json', stream) + serializer.validated_data + # {'content': 'foo bar', 'email': 'leila@example.com', 'created': datetime.datetime(2012, 08, 22, 16, 20, 09, 822243)} + +## Saving instances + +If we want to be able to return complete object instances based on the validated data we need to implement one or both of the `.create()` and `update()` methods. For example: + + class CommentSerializer(serializers.Serializer): + email = serializers.EmailField() + content = serializers.CharField(max_length=200) + created = serializers.DateTimeField() -When deserializing data, we can either create a new instance, or update an existing instance. + def create(self, validated_data): + return Comment(**validated_data) - serializer = CommentSerializer(data=data) # Create new instance - serializer = CommentSerializer(comment, data=data) # Update `instance` + def update(self, instance, validated_data): + instance.email = validated_data.get('email', instance.email) + instance.content = validated_data.get('content', instance.content) + instance.created = validated_data.get('created', instance.created) + return instance -By default, serializers must be passed values for all required fields or they will throw validation errors. You can use the `partial` argument in order to allow partial updates. +If your object instances correspond to Django models you'll also want to ensure that these methods save the object to the database. For example, if `Comment` was a Django model, the methods might look like this: - serializer = CommentSerializer(comment, data={'content': u'foo bar'}, partial=True) # Update `instance` with partial data + def create(self, validated_data): + return Comment.objects.create(**validated_data) + + def update(self, instance, validated_data): + instance.email = validated_data.get('email', instance.email) + instance.content = validated_data.get('content', instance.content) + instance.created = validated_data.get('created', instance.created) + instance.save() + return instance + +Now when deserializing data, we can call `.save()` to return an object instance, based on the validated data. + + comment = serializer.save() + +Calling `.save()` will either create a new instance, or update an existing instance, depending on if an existing instance was passed when instantiating the serializer class: + + # .save() will create a new instance. + serializer = CommentSerializer(data=data) + + # .save() will update the existing `comment` instance. + serializer = CommentSerializer(comment, data=data) + +Both the `.create()` and `.update()` methods are optional. You can implement either neither, one, or both of them, depending on the use-case for your serializer class. + +#### Passing additional attributes to `.save()` + +Sometimes you'll want your view code to be able to inject additional data at the point of saving the instance. This additional data might include information like the current user, the current time, or anything else that is not part of the request data. + +You can do so by including additional keyword arguments when calling `.save()`. For example: + + serializer.save(owner=request.user) + +Any additional keyword arguments will be included in the `validated_data` argument when `.create()` or `.update()` are called. + +#### Overriding `.save()` directly. + +In some cases the `.create()` and `.update()` method names may not be meaningful. For example, in a contact form we may not be creating new instances, but instead sending an email or other message. + +In these cases you might instead choose to override `.save()` directly, as being more readable and meaningful. + +For example: + + class ContactForm(serializers.Serializer): + email = serializers.EmailField() + message = serializers.CharField() + + def save(self): + email = self.validated_data['email'] + message = self.validated_data['message'] + send_email(from=email, message=message) + +Note that in the case above we're now having to access the serializer `.validated_data` property directly. ## Validation -When deserializing data, you always need to call `is_valid()` before attempting to access the deserialized object. If any validation errors occur, the `.errors` property will contain a dictionary representing the resulting error messages. For example: +When deserializing data, you always need to call `is_valid()` before attempting to access the validated data, or save an object instance. If any validation errors occur, the `.errors` property will contain a dictionary representing the resulting error messages. For example: serializer = CommentSerializer(data={'email': 'foobar', 'content': 'baz'}) serializer.is_valid() @@ -98,17 +154,26 @@ When deserializing data, you always need to call `is_valid()` before attempting serializer.errors # {'email': [u'Enter a valid e-mail address.'], 'created': [u'This field is required.']} -Each key in the dictionary will be the field name, and the values will be lists of strings of any error messages corresponding to that field. The `non_field_errors` key may also be present, and will list any general validation errors. +Each key in the dictionary will be the field name, and the values will be lists of strings of any error messages corresponding to that field. The `non_field_errors` key may also be present, and will list any general validation errors. The name of the `non_field_errors` key may be customized using the `NON_FIELD_ERRORS_KEY` REST framework setting. When deserializing a list of items, errors will be returned as a list of dictionaries representing each of the deserialized items. +#### Raising an exception on invalid data + +The `.is_valid()` method takes an optional `raise_exception` flag that will cause it to raise a `serializers.ValidationError` exception if there are validation errors. + +These exceptions are automatically dealt with by the default exception handler that REST framework provides, and will return `HTTP 400 Bad Request` responses by default. + + # Return a 400 response if the data was invalid. + serializer.is_valid(raise_exception=True) + #### Field-level validation -You can specify custom field-level validation by adding `.validate_<fieldname>` methods to your `Serializer` subclass. These are analogous to `.clean_<fieldname>` methods on Django forms, but accept slightly different arguments. +You can specify custom field-level validation by adding `.validate_<field_name>` methods to your `Serializer` subclass. These are similar to the `.clean_<field_name>` methods on Django forms. -They take a dictionary of deserialized attributes as a first argument, and the field name in that dictionary as a second argument (which will be either the name of the field or the value of the `source` argument to the field, if one was provided). +These methods take a single argument, which is the field value that requires validation. -Your `validate_<fieldname>` methods should either just return the `attrs` dictionary or raise a `ValidationError`. For example: +Your `validate_<field_name>` methods should return the validated value or raise a `serializers.ValidationError`. For example: from rest_framework import serializers @@ -116,18 +181,17 @@ Your `validate_<fieldname>` methods should either just return the `attrs` dictio title = serializers.CharField(max_length=100) content = serializers.CharField() - def validate_title(self, attrs, source): + def validate_title(self, value): """ Check that the blog post is about Django. """ - value = attrs[source] - if "django" not in value.lower(): + if 'django' not in value.lower(): raise serializers.ValidationError("Blog post is not about Django") - return attrs + return value #### Object-level validation -To do any other validation that requires access to multiple fields, add a method called `.validate()` to your `Serializer` subclass. This method takes a single argument, which is the `attrs` dictionary. It should raise a `ValidationError` if necessary, or just return `attrs`. For example: +To do any other validation that requires access to multiple fields, add a method called `.validate()` to your `Serializer` subclass. This method takes a single argument, which is a dictionary of field values. It should raise a `ValidationError` if necessary, or just return the validated values. For example: from rest_framework import serializers @@ -136,24 +200,54 @@ To do any other validation that requires access to multiple fields, add a method start = serializers.DateTimeField() finish = serializers.DateTimeField() - def validate(self, attrs): + def validate(self, data): """ Check that the start is before the stop. """ - if attrs['start'] < attrs['finish']: + if data['start'] > data['finish']: raise serializers.ValidationError("finish must occur after start") - return attrs + return data + +#### Validators + +Individual fields on a serializer can include validators, by declaring them on the field instance, for example: + + def multiple_of_ten(value): + if value % 10 != 0: + raise serializers.ValidationError('Not a multiple of ten') + + class GameRecord(serializers.Serializer): + score = IntegerField(validators=[multiple_of_ten]) + ... + +Serializer classes can also include reusable validators that are applied to the complete set of field data. These validators are included by declaring them on an inner `Meta` class, like so: + + class EventSerializer(serializers.Serializer): + name = serializers.CharField() + room_number = serializers.IntegerField(choices=[101, 102, 103, 201]) + date = serializers.DateField() + + class Meta: + # Each room only has one event per day. + validators = UniqueTogetherValidator( + queryset=Event.objects.all(), + fields=['room_number', 'date'] + ) + +For more information see the [validators documentation](validators.md). -## Saving object state +## Accessing the initial data and instance -To save the deserialized objects created by a serializer, call the `.save()` method: +When passing an initial object or queryset to a serializer instance, the object will be made available as `.instance`. If no initial object is passed then the `.instance` attribute will be `None`. - if serializer.is_valid(): - serializer.save() +When passing data to a serializer instance, the unmodified data will be made available as `.initial_data`. If the data keyword argument is not passed then the `.initial_data` attribute will not exist. -The default behavior of the method is to simply call `.save()` on the deserialized object instance. You can override the default save behaviour by overriding the `.save_object(obj)` method on the serializer class. +## Partial updates -The generic views provided by REST framework call the `.save()` method when updating or creating entities. +By default, serializers must be passed values for all required fields or they will raise validation errors. You can use the `partial` argument in order to allow partial updates. + + # Update `comment` with partial data + serializer = CommentSerializer(comment, data={'content': u'foo bar'}, partial=True) ## Dealing with nested objects @@ -177,7 +271,7 @@ If a nested representation may optionally accept the `None` value you should pas content = serializers.CharField(max_length=200) created = serializers.DateTimeField() -Similarly if a nested representation should be a list of items, you should the `many=True` flag to the nested serialized. +Similarly if a nested representation should be a list of items, you should pass the `many=True` flag to the nested serialized. class CommentSerializer(serializers.Serializer): user = UserSerializer(required=False) @@ -185,101 +279,127 @@ Similarly if a nested representation should be a list of items, you should the ` content = serializers.CharField(max_length=200) created = serializers.DateTimeField() ---- +## Writable nested representations -**Note**: Nested serializers are only suitable for read-only representations, as there are cases where they would have ambiguous or non-obvious behavior if used when updating instances. For read-write representations you should always use a flat representation, by using one of the `RelatedField` subclasses. +When dealing with nested representations that support deserializing the data, an errors with nested objects will be nested under the field name of the nested object. ---- + serializer = CommentSerializer(data={'user': {'email': 'foobar', 'username': 'doe'}, 'content': 'baz'}) + serializer.is_valid() + # False + serializer.errors + # {'user': {'email': [u'Enter a valid e-mail address.']}, 'created': [u'This field is required.']} -## Dealing with multiple objects +Similarly, the `.validated_data` property will include nested data structures. -The `Serializer` class can also handle serializing or deserializing lists of objects. +#### Writing `.create()` methods for nested representations -#### Serializing multiple objects +If you're supporting writable nested representations you'll need to write `.create()` or `.update()` methods that handle saving multiple objects. -To serialize a queryset or list of objects instead of a single object instance, you should pass the `many=True` flag when instantiating the serializer. You can then pass a queryset or list of objects to be serialized. +The following example demonstrates how you might handle creating a user with a nested profile object. - queryset = Book.objects.all() - serializer = BookSerializer(queryset, many=True) - serializer.data - # [ - # {'id': 0, 'title': 'The electric kool-aid acid test', 'author': 'Tom Wolfe'}, - # {'id': 1, 'title': 'If this is a man', 'author': 'Primo Levi'}, - # {'id': 2, 'title': 'The wind-up bird chronicle', 'author': 'Haruki Murakami'} - # ] + class UserSerializer(serializers.ModelSerializer): + profile = ProfileSerializer() -#### Deserializing multiple objects for creation + class Meta: + model = User + fields = ('username', 'email', 'profile') -To deserialize a list of object data, and create multiple object instances in a single pass, you should also set the `many=True` flag, and pass a list of data to be deserialized. + def create(self, validated_data): + profile_data = validated_data.pop('profile') + user = User.objects.create(**validated_data) + Profile.objects.create(user=user, **profile_data) + return user -This allows you to write views that create multiple items when a `POST` request is made. +#### Writing `.update()` methods for nested representations -For example: +For updates you'll want to think carefully about how to handle updates to relationships. For example if the data for the relationship is `None`, or not provided, which of the following should occur? - data = [ - {'title': 'The bell jar', 'author': 'Sylvia Plath'}, - {'title': 'For whom the bell tolls', 'author': 'Ernest Hemingway'} - ] - serializer = BookSerializer(data=data, many=True) - serializer.is_valid() - # True - serializer.save() # `.save()` will be called on each deserialized instance +* Set the relationship to `NULL` in the database. +* Delete the associated instance. +* Ignore the data and leave the instance as it is. +* Raise a validation error. -#### Deserializing multiple objects for update +Here's an example for an `update()` method on our previous `UserSerializer` class. -You can also deserialize a list of objects as part of a bulk update of multiple existing items. -In this case you need to supply both an existing list or queryset of items, as well as a list of data to update those items with. + def update(self, instance, validated_data): + profile_data = validated_data.pop('profile') + # Unless the application properly enforces that this field is + # always set, the follow could raise a `DoesNotExist`, which + # would need to be handled. + profile = instance.profile -This allows you to write views that update or create multiple items when a `PUT` request is made. + instance.username = validated_data.get('username', instance.username) + instance.email = validated_data.get('email', instance.email) + instance.save() - # Capitalizing the titles of the books - queryset = Book.objects.all() - data = [ - {'id': 3, 'title': 'The Bell Jar', 'author': 'Sylvia Plath'}, - {'id': 4, 'title': 'For Whom the Bell Tolls', 'author': 'Ernest Hemingway'} - ] - serializer = BookSerializer(queryset, data=data, many=True) - serializer.is_valid() - # True - serialize.save() # `.save()` will be called on each updated or newly created instance. + profile.is_premium_member = profile_data.get( + 'is_premium_member', + profile.is_premium_member + ) + profile.has_support_contract = profile_data.get( + 'has_support_contract', + profile.has_support_contract + ) + profile.save() -By default bulk updates will be limited to updating instances that already exist in the provided queryset. + return instance -When performing a bulk update you may want to allow new items to be created, and missing items to be deleted. To do so, pass `allow_add_remove=True` to the serializer. +Because the behavior of nested creates and updates can be ambiguous, and may require complex dependancies between related models, REST framework 3 requires you to always write these methods explicitly. The default `ModelSerializer` `.create()` and `.update()` methods do not include support for writable nested representations. - serializer = BookSerializer(queryset, data=data, many=True, allow_add_remove=True) - serializer.is_valid() - # True - serializer.save() # `.save()` will be called on updated or newly created instances. - # `.delete()` will be called on any other items in the `queryset`. +It is possible that a third party package, providing automatic support some kinds of automatic writable nested representations may be released alongside the 3.1 release. -Passing `allow_add_remove=True` ensures that any update operations will completely overwrite the existing queryset, rather than simply updating existing objects. +#### Handling saving related instances in model manager classes -#### How identity is determined when performing bulk updates +An alternative to saving multiple related instances in the serializer is to write custom model manager classes handle creating the correct instances. -Performing a bulk update is slightly more complicated than performing a bulk creation, because the serializer needs a way to determine how the items in the incoming data should be matched against the existing object instances. +For example, suppose we wanted to ensure that `User` instances and `Profile` instances are always created together as a pair. We might write a custom manager class that looks something like this: -By default the serializer class will use the `id` key on the incoming data to determine the canonical identity of an object. If you need to change this behavior you should override the `get_identity` method on the `Serializer` class. For example: + class UserManager(models.Manager): + ... - class AccountSerializer(serializers.Serializer): - slug = serializers.CharField(max_length=100) - created = serializers.DateTimeField() - ... # Various other fields - - def get_identity(self, data): - """ - This hook is required for bulk update. - We need to override the default, to use the slug as the identity. - - Note that the data has not yet been validated at this point, - so we need to deal gracefully with incorrect datatypes. - """ - try: - return data.get('slug', None) - except AttributeError: - return None + def create(self, username, email, is_premium_member=False, has_support_contract=False): + user = User(username=username, email=email) + user.save() + profile = Profile( + user=user, + is_premium_member=is_premium_member, + has_support_contract=has_support_contract + ) + profile.save() + return user + +This manager class now more nicely encapsulates that user instances and profile instances are always created at the same time. Our `.create()` method on the serializer class can now be re-written to use the new manager method. + + def create(self, validated_data): + return User.objects.create( + username=validated_data['username'], + email=validated_data['email'] + is_premium_member=validated_data['profile']['is_premium_member'] + has_support_contract=validated_data['profile']['has_support_contract'] + ) + +For more details on this approach see the Django documentation on [model managers](model-managers), and [this blogpost on using model and manager classes](encapsulation-blogpost). + +## Dealing with multiple objects -To map the incoming data items to their corresponding object instances, the `.get_identity()` method will be called both against the incoming data, and against the serialized representation of the existing objects. +The `Serializer` class can also handle serializing or deserializing lists of objects. + +#### Serializing multiple objects + +To serialize a queryset or list of objects instead of a single object instance, you should pass the `many=True` flag when instantiating the serializer. You can then pass a queryset or list of objects to be serialized. + + queryset = Book.objects.all() + serializer = BookSerializer(queryset, many=True) + serializer.data + # [ + # {'id': 0, 'title': 'The electric kool-aid acid test', 'author': 'Tom Wolfe'}, + # {'id': 1, 'title': 'If this is a man', 'author': 'Primo Levi'}, + # {'id': 2, 'title': 'The wind-up bird chronicle', 'author': 'Haruki Murakami'} + # ] + +#### Deserializing multiple objects + +The default behavior for deserializing multiple objects is to support multiple object creation, but not support multiple object updates. For more information on how to support or customize either of these cases, see the [ListSerializer](#ListSerializer) documentation below. ## Including extra context @@ -291,30 +411,47 @@ You can provide arbitrary additional context by passing a `context` argument whe serializer.data # {'id': 6, 'owner': u'denvercoder9', 'created': datetime.datetime(2013, 2, 12, 09, 44, 56, 678870), 'details': 'http://example.com/accounts/6/details'} -The context dictionary can be used within any serializer field logic, such as a custom `.to_native()` method, by accessing the `self.context` attribute. +The context dictionary can be used within any serializer field logic, such as a custom `.to_representation()` method, by accessing the `self.context` attribute. --- # ModelSerializer -Often you'll want serializer classes that map closely to model definitions. -The `ModelSerializer` class lets you automatically create a Serializer class with fields that correspond to the Model fields. +Often you'll want serializer classes that map closely to Django model definitions. + +The `ModelSerializer` class provides a shortcut that lets you automatically create a `Serializer` class with fields that correspond to the Model fields. + +**The `ModelSerializer` class is the same as a regular `Serializer` class, except that**: + +* It will automatically generate a set of fields for you, based on the model. +* It will automatically generate validators for the serializer, such as unique_together validators. +* It includes simple default implementations of `.create()` and `.update()`. + +Declaring a `ModelSerializer` looks like this: class AccountSerializer(serializers.ModelSerializer): class Meta: model = Account -By default, all the model fields on the class will be mapped to corresponding serializer fields. +By default, all the model fields on the class will be mapped to a corresponding serializer fields. -Any relationships such as foreign keys on the model will be mapped to `PrimaryKeyRelatedField`. Other models fields will be mapped to a corresponding serializer field. +Any relationships such as foreign keys on the model will be mapped to `PrimaryKeyRelatedField`. Reverse relationships are not included by default unless explicitly included as described below. ---- +#### Inspecting a `ModelSerializer` -**Note**: When validation is applied to a `ModelSerializer`, both the serializer fields, and their corresponding model fields must correctly validate. If you have optional fields on your model, make sure to correctly set `blank=True` on the model field, as well as setting `required=False` on the serializer field. +Serializer classes generate helpful verbose representation strings, that allow you to fully inspect the state of their fields. This is particularly useful when working with `ModelSerializers` where you want to determine what set of fields and validators are being automatically created for you. ---- +To do so, open the Django shell, using `python manage.py shell`, then import the serializer class, instantiate it, and print the object representation… + + >>> from myapp.serializers import AccountSerializer + >>> serializer = AccountSerializer() + >>> print repr(serializer) # Or `print(repr(serializer))` in Python 3.x. + AccountSerializer(): + id = IntegerField(label='ID', read_only=True) + name = CharField(allow_blank=True, max_length=100, required=False) + owner = PrimaryKeyRelatedField(queryset=User.objects.all()) -## Specifying which fields should be included +## Specifying which fields to include If you only want a subset of the default fields to be used in a model serializer, you can do so using `fields` or `exclude` options, just as you would with a `ModelForm`. @@ -325,6 +462,10 @@ For example: model = Account fields = ('id', 'account_name', 'users', 'created') +The names in the `fields` option will normally map to model fields on the model class. + +Alternatively names in the `fields` options can map to properties or methods which take no arguments that exist on the model class. + ## Specifying nested serialization The default `ModelSerializer` uses primary keys for relationships, but you can also easily generate nested representations using the `depth` option: @@ -337,30 +478,70 @@ The default `ModelSerializer` uses primary keys for relationships, but you can a The `depth` option should be set to an integer value that indicates the depth of relationships that should be traversed before reverting to a flat representation. -## Specifying which fields should be read-only +If you want to customize the way the serialization is done (e.g. using `allow_add_remove`) you'll need to define the field yourself. -You may wish to specify multiple fields as read-only. Instead of adding each field explicitly with the `read_only=True` attribute, you may use the `read_only_fields` Meta option, like so: +## Specifying fields explicitly + +You can add extra fields to a `ModelSerializer` or override the default fields by declaring fields on the class, just as you would for a `Serializer` class. class AccountSerializer(serializers.ModelSerializer): + url = serializers.CharField(source='get_absolute_url', read_only=True) + groups = serializers.PrimaryKeyRelatedField(many=True) + class Meta: model = Account - fields = ('id', 'account_name', 'users', 'created') - read_only_fields = ('account_name',) -Model fields which have `editable=False` set, and `AutoField` fields will be set to read-only by default, and do not need to be added to the `read_only_fields` option. +Extra fields can correspond to any property or callable on the model. -## Specifying fields explicitly +## Specifying read only fields -You can add extra fields to a `ModelSerializer` or override the default fields by declaring fields on the class, just as you would for a `Serializer` class. +You may wish to specify multiple fields as read-only. Instead of adding each field explicitly with the `read_only=True` attribute, you may use the shortcut Meta option, `read_only_fields`. - class AccountSerializer(serializers.ModelSerializer): - url = serializers.CharField(source='get_absolute_url', read_only=True) - groups = serializers.PrimaryKeyRelatedField(many=True) +This option should be a list or tuple of field names, and is declared as follows: + class AccountSerializer(serializers.ModelSerializer): class Meta: model = Account + fields = ('id', 'account_name', 'users', 'created') + read_only_fields = ('account_name',) -Extra fields can correspond to any property or callable on the model. +Model fields which have `editable=False` set, and `AutoField` fields will be set to read-only by default, and do not need to be added to the `read_only_fields` option. + +--- + +**Note**: There is a special-case where a read-only field is part of a `unique_together` constraint at the model level. In this case the field is required by the serializer class in order to validate the constraint, but should also not be editable by the user. + +The right way to deal with this is to specify the field explicitly on the serializer, providing both the `read_only=True` and `default=…` keyword arguments. + +One example of this is a read-only relation to the currently authenticated `User` which is `unique_together` with another identifier. In this case you would declare the user field like so: + + user = serializers.PrimaryKeyRelatedField(read_only=True, default=serializers.CurrentUserDefault()) + +Please review the [Validators Documentation](/api-guide/validators/) for details on the [UniqueTogetherValidator](/api-guide/validators/#uniquetogethervalidator) and [CurrentUserDefault](/api-guide/validators/#currentuserdefault) classes. + +--- + + +## Additional keyword arguments + +There is also a shortcut allowing you to specify arbitrary additional keyword arguments on fields, using the `extra_kwargs` option. Similarly to `read_only_fields` this means you do not need to explicitly declare the field on the serializer. + +This option is a dictionary, mapping field names to a dictionary of keyword arguments. For example: + + class CreateUserSerializer(serializers.ModelSerializer): + class Meta: + model = User + fields = ('email', 'username', 'password') + extra_kwargs = {'password': {'write_only': True}} + + def create(self, validated_data): + user = User( + email=validated_data['email'], + username=validated_data['username'] + ) + user.set_password(validated_data['password']) + user.save() + return user ## Relational fields @@ -370,6 +551,89 @@ Alternative representations include serializing using hyperlinks, serializing co For full details see the [serializer relations][relations] documentation. +## Inheritance of the 'Meta' class + +The inner `Meta` class on serializers is not inherited from parent classes by default. This is the same behavior as with Django's `Model` and `ModelForm` classes. If you want the `Meta` class to inherit from a parent class you must do so explicitly. For example: + + class AccountSerializer(MyBaseSerializer): + class Meta(MyBaseSerializer.Meta): + model = Account + +Typically we would recommend *not* using inheritance on inner Meta classes, but instead declaring all options explicitly. + +## Customizing field mappings + +The ModelSerializer class also exposes an API that you can override in order to alter how serializer fields are automatically determined when instantiating the serializer. + +Normally if a `ModelSerializer` does not generate the fields you need by default the you should either add them to the class explicitly, or simply use a regular `Serializer` class instead. However in some cases you may want to create a new base class that defines how the serializer fields are created for any given model. + +### `.serializer_field_mapping` + +A mapping of Django model classes to REST framework serializer classes. You can override this mapping to alter the default serializer classes that should be used for each model class. + +### `.serializer_related_field` + +This property should be the serializer field class, that is used for relational fields by default. + +For `ModelSerializer` this defaults to `PrimaryKeyRelatedField`. + +For `HyperlinkedModelSerializer` this defaults to `serializers.HyperlinkedRelatedField`. + +### `serializer_url_field` + +The serializer field class that should be used for any `url` field on the serializer. + +Defaults to `serializers.HyperlinkedIdentityField` + +### `serializer_choice_field` + +The serializer field class that should be used for any choice fields on the serializer. + +Defaults to `serializers.ChoiceField` + +### The field_class and field_kwargs API + +The following methods are called to determine the class and keyword arguments for each field that should be automatically included on the serializer. Each of these methods should return a two tuple of `(field_class, field_kwargs)`. + +### `.build_standard_field(self, field_name, model_field)` + +Called to generate a serializer field that maps to a standard model field. + +The default implementation returns a serializer class based on the `serializer_field_mapping` attribute. + +### `.build_relational_field(self, field_name, relation_info)` + +Called to generate a serializer field that maps to a relational model field. + +The default implementation returns a serializer class based on the `serializer_relational_field` attribute. + +The `relation_info` argument is a named tuple, that contains `model_field`, `related_model`, `to_many` and `has_through_model` properties. + +### `.build_nested_field(self, field_name, relation_info, nested_depth)` + +Called to generate a serializer field that maps to a relational model field, when the `depth` option has been set. + +The default implementation dynamically creates a nested serializer class based on either `ModelSerializer` or `HyperlinkedModelSerializer`. + +The `nested_depth` will be the value of the `depth` option, minus one. + +The `relation_info` argument is a named tuple, that contains `model_field`, `related_model`, `to_many` and `has_through_model` properties. + +### `.build_property_field(self, field_name, model_class)` + +Called to generate a serializer field that maps to a property or zero-argument method on the model class. + +The default implementation returns a `ReadOnlyField` class. + +### `.build_url_field(self, field_name, model_class)` + +Called to generate a serializer field for the serializer's own `url` field. The default implementation returns a `HyperlinkedIdentityField` class. + +### `.build_unknown_field(self, field_name, model_class)` + +Called when the field name did not map to any model field or model property. +The default implementation raises an error, although subclasses may customize this behavior. + --- # HyperlinkedModelSerializer @@ -393,22 +657,23 @@ There needs to be a way of determining which views should be used for hyperlinki By default hyperlinks are expected to correspond to a view name that matches the style `'{model_name}-detail'`, and looks up the instance by a `pk` keyword argument. -You can change the field that is used for object lookups by setting the `lookup_field` option. The value of this option should correspond both with a kwarg in the URL conf, and with a field on the model. For example: +You can override a URL field view name and lookup field by using either, or both of, the `view_name` and `lookup_field` options in the `extra_kwargs` setting, like so: class AccountSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = Account - fields = ('url', 'account_name', 'users', 'created') - lookup_field = 'slug' + fields = ('account_url', 'account_name', 'users', 'created') + extra_kwargs = { + 'url': {'view_name': 'accounts', 'lookup_field': 'account_name'} + 'users': {'lookup_field': 'username'} + } -Not that the `lookup_field` will be used as the default on *all* hyperlinked fields, including both the URL identity, and any hyperlinked relationships. - -For more specfic requirements such as specifying a different lookup for each field, you'll want to set the fields on the serializer explicitly. For example: +Alternatively you can set the fields on the serializer explicitly. For example: class AccountSerializer(serializers.HyperlinkedModelSerializer): url = serializers.HyperlinkedIdentityField( - view_name='account_detail', - lookup_field='account_name' + view_name='accounts', + lookup_field='slug' ) users = serializers.HyperlinkedRelatedField( view_name='user-detail', @@ -423,13 +688,282 @@ For more specfic requirements such as specifying a different lookup for each fie --- +**Tip**: Properly matching together hyperlinked representations and your URL conf can sometimes be a bit fiddly. Printing the `repr` of a `HyperlinkedModelSerializer` instance is a particularly useful way to inspect exactly which view names and lookup fields the relationships are expected to map too. + +--- + +## Changing the URL field name + +The name of the URL field defaults to 'url'. You can override this globally, by using the `URL_FIELD_NAME` setting. + +--- + +# ListSerializer + +The `ListSerializer` class provides the behavior for serializing and validating multiple objects at once. You won't *typically* need to use `ListSerializer` directly, but should instead simply pass `many=True` when instantiating a serializer. + +When a serializer is instantiated and `many=True` is passed, a `ListSerializer` instance will be created. The serializer class then becomes a child of the parent `ListSerializer` + +There *are* a few use cases when you might want to customize the `ListSerializer` behavior. For example: + +* You want to provide particular validation of the lists, such as always ensuring that there is at least one element in a list. +* You want to customize the create or update behavior of multiple objects. + +For these cases you can modify the class that is used when `many=True` is passed, by using the `list_serializer_class` option on the serializer `Meta` class. + +For example: + + class CustomListSerializer(serializers.ListSerializer): + ... + + class CustomSerializer(serializers.Serializer): + ... + class Meta: + list_serializer_class = CustomListSerializer + +#### Customizing multiple create + +The default implementation for multiple object creation is to simply call `.create()` for each item in the list. If you want to customize this behavior, you'll need to customize the `.create()` method on `ListSerializer` class that is used when `many=True` is passed. + +For example: + + class BookListSerializer(serializers.ListSerializer): + def create(self, validated_data): + books = [Book(**item) for item in validated_data] + return Book.objects.bulk_create(books) + + class BookSerializer(serializers.Serializer): + ... + class Meta: + list_serializer_class = BookListSerializer + +#### Customizing multiple update + +By default the `ListSerializer` class does not support multiple updates. This is because the behavior that should be expected for insertions and deletions is ambiguous. + +To support multiple updates you'll need to do so explicitly. When writing your multiple update code make sure to keep the following in mind: + +* How do you determine which instance should be updated for each item in the list of data? +* How should insertions be handled? Are they invalid, or do they create new objects? +* How should removals be handled? Do they imply object deletion, or removing a relationship? Should they be silently ignored, or are they invalid? +* How should ordering be handled? Does changing the position of two items imply any state change or is it ignored? + +Here's an example of how you might choose to implement multiple updates: + + class BookListSerializer(serializers.ListSerializer): + def update(self, instance, validated_data): + # Maps for id->instance and id->data item. + book_mapping = {book.id: book for book in instance} + data_mapping = {item['id']: item for item in validated_data} + + # Perform creations and updates. + ret = [] + for book_id, data in data_mapping.items(): + book = book_mapping.get(book_id, None): + if book is None: + ret.append(self.child.create(data)) + else: + ret.append(self.child.update(book, data)) + + # Perform deletions. + for book_id, book in book_mapping.items(): + if book_id not in data_mapping: + book.delete() + + return ret + + class BookSerializer(serializers.Serializer): + ... + class Meta: + list_serializer_class = BookListSerializer + +It is possible that a third party package may be included alongside the 3.1 release that provides some automatic support for multiple update operations, similar to the `allow_add_remove` behavior that was present in REST framework 2. + +#### Customizing ListSerializer initialization + +When a serializer with `many=True` is instantiated, we need to determine which arguments and keyword arguments should be passed to the `.__init__()` method for both the child `Serializer` class, and for the parent `ListSerializer` class. + +The default implementation is to pass all arguments to both classes, except for `validators`, and any custom keyword arguments, both of which are assumed to be intended for the child serializer class. + +Occasionally you might need to explicitly specify how the child and parent classes should be instantiated when `many=True` is passed. You can do so by using the `many_init` class method. + + @classmethod + def many_init(cls, *args, **kwargs): + # Instantiate the child serializer. + kwargs['child'] = cls() + # Instantiate the parent list serializer. + return CustomListSerializer(*args, **kwargs) + +--- + +# BaseSerializer + +`BaseSerializer` class that can be used to easily support alternative serialization and deserialization styles. + +This class implements the same basic API as the `Serializer` class: + +* `.data` - Returns the outgoing primitive representation. +* `.is_valid()` - Deserializes and validates incoming data. +* `.validated_data` - Returns the validated incoming data. +* `.errors` - Returns an errors during validation. +* `.save()` - Persists the validated data into an object instance. + +There are four methods that can be overridden, depending on what functionality you want the serializer class to support: + +* `.to_representation()` - Override this to support serialization, for read operations. +* `.to_internal_value()` - Override this to support deserialization, for write operations. +* `.create()` and `.update()` - Overide either or both of these to support saving instances. + +Because this class provides the same interface as the `Serializer` class, you can use it with the existing generic class based views exactly as you would for a regular `Serializer` or `ModelSerializer`. + +The only difference you'll notice when doing so is the `BaseSerializer` classes will not generate HTML forms in the browsable API. This is because the data they return does not include all the field information that would allow each field to be rendered into a suitable HTML input. + +##### Read-only `BaseSerializer` classes + +To implement a read-only serializer using the `BaseSerializer` class, we just need to override the `.to_representation()` method. Let's take a look at an example using a simple Django model: + + class HighScore(models.Model): + created = models.DateTimeField(auto_now_add=True) + player_name = models.CharField(max_length=10) + score = models.IntegerField() + +It's simple to create a read-only serializer for converting `HighScore` instances into primitive data types. + + class HighScoreSerializer(serializers.BaseSerializer): + def to_representation(self, obj): + return { + 'score': obj.score, + 'player_name': obj.player_name + } + +We can now use this class to serialize single `HighScore` instances: + + @api_view(['GET']) + def high_score(request, pk): + instance = HighScore.objects.get(pk=pk) + serializer = HighScoreSerializer(instance) + return Response(serializer.data) + +Or use it to serialize multiple instances: + + @api_view(['GET']) + def all_high_scores(request): + queryset = HighScore.objects.order_by('-score') + serializer = HighScoreSerializer(queryset, many=True) + return Response(serializer.data) + +##### Read-write `BaseSerializer` classes + +To create a read-write serializer we first need to implement a `.to_internal_value()` method. This method returns the validated values that will be used to construct the object instance, and may raise a `ValidationError` if the supplied data is in an incorrect format. + +Once you've implemented `.to_internal_value()`, the basic validation API will be available on the serializer, and you will be able to use `.is_valid()`, `.validated_data` and `.errors`. + +If you want to also support `.save()` you'll need to also implement either or both of the `.create()` and `.update()` methods. + +Here's a complete example of our previous `HighScoreSerializer`, that's been updated to support both read and write operations. + + class HighScoreSerializer(serializers.BaseSerializer): + def to_internal_value(self, data): + score = data.get('score') + player_name = data.get('player_name') + + # Perform the data validation. + if not score: + raise ValidationError({ + 'score': 'This field is required.' + }) + if not player_name: + raise ValidationError({ + 'player_name': 'This field is required.' + }) + if len(player_name) > 10: + raise ValidationError({ + 'player_name': 'May not be more than 10 characters.' + }) + + # Return the validated values. This will be available as + # the `.validated_data` property. + return { + 'score': int(score), + 'player_name': player_name + } + + def to_representation(self, obj): + return { + 'score': obj.score, + 'player_name': obj.player_name + } + + def create(self, validated_data): + return HighScore.objects.create(**validated_data) + +#### Creating new base classes + +The `BaseSerializer` class is also useful if you want to implement new generic serializer classes for dealing with particular serialization styles, or for integrating with alternative storage backends. + +The following class is an example of a generic serializer that can handle coercing arbitrary objects into primitive representations. + + class ObjectSerializer(serializers.BaseSerializer): + """ + A read-only serializer that coerces arbitrary complex objects + into primitive representations. + """ + def to_representation(self, obj): + for attribute_name in dir(obj): + attribute = getattr(obj, attribute_name) + if attribute_name('_'): + # Ignore private attributes. + pass + elif hasattr(attribute, '__call__'): + # Ignore methods and other callables. + pass + elif isinstance(attribute, (str, int, bool, float, type(None))): + # Primitive types can be passed through unmodified. + output[attribute_name] = attribute + elif isinstance(attribute, list): + # Recursively deal with items in lists. + output[attribute_name] = [ + self.to_representation(item) for item in attribute + ] + elif isinstance(attribute, dict): + # Recursively deal with items in dictionaries. + output[attribute_name] = { + str(key): self.to_representation(value) + for key, value in attribute.items() + } + else: + # Force anything else to its string representation. + output[attribute_name] = str(attribute) + +--- + # Advanced serializer usage -You can create customized subclasses of `ModelSerializer` or `HyperlinkedModelSerializer` that use a different set of default fields. +## Overriding serialization and deserialization behavior + +If you need to alter the serialization, deserialization or validation of a serializer class you can do so by overriding the `.to_representation()` or `.to_internal_value()` methods. + +Some reasons this might be useful include... + +* Adding new behavior for new serializer base classes. +* Modifying the behavior slightly for an existing class. +* Improving serialization performance for a frequently accessed API endpoint that returns lots of data. -Doing so should be considered advanced usage, and will only be needed if you have some particular serializer requirements that you often need to repeat. +The signatures for these methods are as follows: -## Dynamically modifiying fields +#### `.to_representation(self, obj)` + +Takes the object instance that requires serialization, and should return a primitive representation. Typically this means returning a structure of built-in Python datatypes. The exact types that can be handled will depend on the render classes you have configured for your API. + +#### ``.to_internal_value(self, data)`` + +Takes the unvalidated incoming data as input and should return the validated data that will be made available as `serializer.validated_data`. The return value will also be passed to the `.create()` or `.update()` methods if `.save()` is called on the serializer class. + +If any of the validation fails, then the method should raise a `serializers.ValidationError(errors)`. Typically the `errors` argument here will be a dictionary mapping field names to error messages. + +The `data` argument passed to this method will normally be the value of `request.data`, so the datatype it provides will depend on the parser classes you have configured for your API. + +## Dynamically modifying fields Once a serializer has been initialized, the dictionary of fields that are set on the serializer may be accessed using the `.fields` attribute. Accessing and modifying this attribute allows you to dynamically modify the serializer. @@ -448,11 +982,11 @@ For example, if you wanted to be able to set which fields should be used by a se def __init__(self, *args, **kwargs): # Don't pass the 'fields' arg up to the superclass fields = kwargs.pop('fields', None) - - # Instatiate the superclass normally + + # Instantiate the superclass normally super(DynamicFieldsModelSerializer, self).__init__(*args, **kwargs) - - if fields: + + if fields is not None: # Drop any fields that are not specified in the `fields` argument. allowed = set(fields) existing = set(self.fields.keys()) @@ -472,49 +1006,39 @@ This would then allow you to do the following: >>> print UserSerializer(user, fields=('id', 'email')) {'id': 2, 'email': 'jon@example.com'} -## Customising the default fields - -The `field_mapping` attribute is a dictionary that maps model classes to serializer classes. Overriding the attribute will let you set a different set of default serializer classes. +## Customizing the default fields -For more advanced customization than simply changing the default serializer class you can override various `get_<field_type>_field` methods. Doing so will allow you to customize the arguments that each serializer field is initialized with. Each of these methods may either return a field or serializer instance, or `None`. +REST framework 2 provided an API to allow developers to override how a `ModelSerializer` class would automatically generate the default set of fields. -### get_pk_field +This API included the `.get_field()`, `.get_pk_field()` and other methods. -**Signature**: `.get_pk_field(self, model_field)` +Because the serializers have been fundamentally redesigned with 3.0 this API no longer exists. You can still modify the fields that get created but you'll need to refer to the source code, and be aware that if the changes you make are against private bits of API then they may be subject to change. -Returns the field instance that should be used to represent the pk field. +A new interface for controlling this behavior is currently planned for REST framework 3.1. -### get_nested_field - -**Signature**: `.get_nested_field(self, model_field, related_model, to_many)` - -Returns the field instance that should be used to represent a related field when `depth` is specified as being non-zero. - -Note that the `model_field` argument will be `None` for reverse relationships. The `related_model` argument will be the model class for the target of the field. The `to_many` argument will be a boolean indicating if this is a to-one or to-many relationship. - -### get_related_field - -**Signature**: `.get_related_field(self, model_field, related_model, to_many)` - -Returns the field instance that should be used to represent a related field when `depth` is not specified, or when nested representations are being used and the depth reaches zero. - -Note that the `model_field` argument will be `None` for reverse relationships. The `related_model` argument will be the model class for the target of the field. The `to_many` argument will be a boolean indicating if this is a to-one or to-many relationship. +--- -### get_field +# Third party packages -**Signature**: `.get_field(self, model_field)` +The following third party packages are also available. -Returns the field instance that should be used for non-relational, non-pk fields. +## MongoengineModelSerializer -### Example +The [django-rest-framework-mongoengine][mongoengine] package provides a `MongoEngineModelSerializer` serializer class that supports using MongoDB as the storage layer for Django REST framework. -The following custom model serializer could be used as a base class for model serializers that should always exclude the pk by default. +## GeoFeatureModelSerializer - class NoPKModelSerializer(serializers.ModelSerializer): - def get_pk_field(self, model_field): - return None +The [django-rest-framework-gis][django-rest-framework-gis] package provides a `GeoFeatureModelSerializer` serializer class that supports GeoJSON both for read and write operations. +## HStoreSerializer +The [django-rest-framework-hstore][django-rest-framework-hstore] package provides an `HStoreSerializer` to support [django-hstore][django-hstore] `DictionaryField` model field and its `schema-mode` feature. [cite]: https://groups.google.com/d/topic/django-users/sVFaOfQi4wY/discussion [relations]: relations.md +[model-managers]: https://docs.djangoproject.com/en/dev/topics/db/managers/ +[encapsulation-blogpost]: http://www.dabapps.com/blog/django-models-and-encapsulation/ +[mongoengine]: https://github.com/umutbozkurt/django-rest-framework-mongoengine +[django-rest-framework-gis]: https://github.com/djangonauts/django-rest-framework-gis +[django-rest-framework-hstore]: https://github.com/djangonauts/django-rest-framework-hstore +[django-hstore]: https://github.com/djangonauts/django-hstore |