0

every one,I now using django rest framework(3.4) on my project(django 1.8+),I can create new user but I can not use new user to create data in db(I can do it in forms ok), however,I can create data in db by admin. I have to make the new user to create data in db,how can I do that?thanks for any one who reply.

models.py

class ProductsTbl(models.Model):
    model_number = models.CharField(
        max_length=255,
        blank=True,
        unique=True,
        error_messages={
            'unique': "這 model number 已經被註冊了 ."
        }
    )
    name = models.CharField(max_length=255, blank=True, null=True)
    material = models.CharField(max_length=255, blank=True, null=True)
    color = models.CharField(max_length=255, blank=True, null=True)
    feature = models.TextField(blank=True, null=True)
    created = models.DateTimeField(editable=False)
    modified = models.DateTimeField(auto_now=True)
    release = models.DateTimeField(blank=True, null=True)
    twtime = models.DateTimeField(blank=True, null=True)
    hktime = models.DateTimeField(blank=True, null=True)
    shtime = models.DateTimeField(blank=True, null=True)
    jptime = models.DateTimeField(blank=True, null=True)
    suggest = models.TextField(blank=True, null=True)
    description = models.TextField(blank=True, null=True)
    cataloggroup = models.ManyToManyField(CatalogGroup)
    place = models.ManyToManyField(Place)
    scale = models.ManyToManyField(Scale)
    slug = models.SlugField(unique=True)
    user = models.ForeignKey(User, blank=True, null=True)
    useredit = models.CharField(max_length=32, blank=True, null=True)

    def __unicode__(self):
        return self.name

    def save(self, *args, **kwargs):
        ''' On save, update timestamps '''

        if not self.id:
            self.created = timezone.now()

        return super(ProductsTbl, self).save(*args, **kwargs)

api/serializers.py

from rest_framework import serializers
from ..models import *
from django.contrib.auth.models import User
from django.contrib.auth import get_user_model


UserModel = get_user_model()

class ProductsTblSerializer(serializers.ModelSerializer):
    class Meta:
        model = ProductsTbl
        fields = ('model_number',
        'created',
        'name',
        'release',
        'twtime',
        'hktime',
        'shtime',
        'jptime',
        'feature',
        'material',
        'suggest',
        'description',
        'cataloggroup',
        'place',
        'scale',
        'slug',
        'user')



class UserSerializer(serializers.ModelSerializer):

    password = serializers.CharField(write_only=True)

    def create(self, validated_data):

        user = UserModel.objects.create(
            username=validated_data['username']
        )
        user.set_password(validated_data['password'])
        user.save()

        return user

    class Meta:
        model = UserModel

api/urls.py

from django.conf.urls import url, include
from . import views


urlpatterns = [
    url(r'^productsTbls/$', views.ProductsTblListView.as_view(), name='productsTbls_list'),
    url(r'^productsTbls/(?P<pk>\d+)/$', views.ProductsTblDetailView.as_view(), name='productsTbls_detail'),
    url(r'^productsTbls/pdelete/(?P<id>[-\w]+)/$',views.api_delete_product,name='api_delete_p'),
    url(r'^productsTbls/register/$', views.CreateUserView.as_view(), name='productsTbls_register'),

]

api/views.py

from rest_framework import generics
from ..models import *
from .serializers import ProductsTblSerializer
from django.contrib.auth.decorators import login_required
from django.http import Http404, HttpResponse
from django.shortcuts import render, redirect
from rest_framework.renderers import JSONRenderer
from rest_framework.parsers import JSONParser
from django.views.decorators.csrf import csrf_exempt
from django.forms import modelformset_factory
from django.template.defaultfilters import slugify
from rest_framework import permissions
from rest_framework.generics import CreateAPIView
from django.contrib.auth import get_user_model
from .serializers import UserSerializer





class ProductsTblListView(generics.ListCreateAPIView):
    queryset = ProductsTbl.objects.order_by('-created')
    serializer_class = ProductsTblSerializer



class ProductsTblDetailView(generics.RetrieveUpdateDestroyAPIView):
    queryset = ProductsTbl.objects.all()
    serializer_class = ProductsTblSerializer


class CreateUserView(CreateAPIView):

    model = get_user_model()
    permission_classes = [
        permissions.AllowAny # Or anon users can't register
    ]
    serializer_class = UserSerializer




@csrf_exempt
@login_required
def api_delete_product(request, id):
    # grab the image
    dp = ProductsTbl.objects.get(id=id)
    # security check
    if dp.user != request.user:
        raise Http404
    # delete the image
    dp.delete()
    # refresh the edit page
    return redirect('/api/productsTbls/')

settings.py

........

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
    ]
}
Improve this question
4
  • 1
    I think from admin portal you need to provide permissions to user you have created for each method PUT,POST,GET Commented Jul 29, 2016 at 5:25
  • you mean in settings.py? Commented Jul 29, 2016 at 6:16
  • Yes, you have to provide permission in settings.py. Commented Jul 29, 2016 at 10:08
  • thank you ,I did it Commented Jul 29, 2016 at 10:41

2 Answers 2

Reset to default
1

I changed the settings.py then it can work

settings.py

......
REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.AllowAny',
        #'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
    ]
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I think from admin portal you need to provide permissions to user you have created for each method PUT,POST,GET or provide AllowAny permission(Which will give access to all your created user for any request). For more details refer this

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.