我有这样的用户资源
class UserResource(ModelResource):
class Meta:
queryset = User.objects.filter(is_active=True)
resource_name = 'user'
excludes = ['email', 'password', 'is_active', 'is_staff', 'is_superuser']
serializer = CamelCaseJSONSerializer(formats=['json'])
list_allowed_methods = ['post']
detail_allowed_methods = ['get', 'post', 'put', 'patch']
authentication = ApiKeyAuthentication()
models.signals.post_save.connect(create_api_key, sender=User)
def obj_create(self, bundle, request=None, **kwargs):
try:
bundle = super(UserResource, self).obj_create(bundle, request, **kwargs)
bundle.obj.set_password(bundle.gata.get('password'))
bundle.obj.save()
except IntegrityError:
raise BadRequest('The username already exists')
return bundle
def apply_authorization_limits(self, request, object_list):
return object_list.filter(user = request.user)
我正在使用 slumber 用这行代码创建一个新用户
import slumber
>>> api = slumber.API("http://127.0.0.1:8000/api/v1")
>>> new = api.user.post({"firstName" : "fname", "lastName" : "lname", "username" : "anewuser", "password" : "123456", "email" : "email@email.com"})
我收到一个错误,上面写着
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Python/2.7/site-packages/slumber/__init__.py", line 125, in post
resp = self._request("POST", data=s.dumps(data), params=kwargs)
File "/Library/Python/2.7/site-packages/slumber/__init__.py", line 104, in _request
raise exceptions.HttpClientError("Client Error %s: %s" % (resp.status_code, url), response=resp, content=resp.content)
slumber.exceptions.HttpClientError: Client Error 401: http://127.0.0.1:8000/api/v1/user/
我认为在创建新用户时我不应该得到 401 ......
我不希望 API 打开,因此可以检索所有用户的列表,我只希望登录用户获取他们的信息
我究竟做错了什么?
更好的方法 - 创建一个用于创建用户的新资源。此资源只能由超级用户调用
class UserSignUpResource(ModelResource):
class Meta:
object_class = User
queryset = User.objects.all()
allowed_methods = ['post']
include_resource_uri = False
resource_name = 'newuser'
excludes = ['is_active', 'is_staff', 'is_superuser']
serializer = CamelCaseJSONSerializer(formats=['json'])
authentication = ApiKeyAuthentication()
authorization = DjangoAuthorization()
models.signals.post_save.connect(create_api_key, sender=User)
def obj_create(self, bundle, request=None, **kwargs):
try:
bundle = super(UserSignUpResource, self).obj_create(bundle, request, **kwargs)
bundle.obj.set_password(bundle.data.get('password'))
bundle.obj.save()
except IntegrityError:
raise BadRequest('The username already exists')
return bundle
def apply_authorization_limits(self, request, object_list):
return object_list.filter(id=request.user.id, is_superuser=True)
使用此命令创建一个新用户
curl -v -X POST -d '{"username" : "username", "password" : "123456"}' -H "Authorization: ApiKey superusername:apikey" -H "Content-Type: application/json" http://127.0.0.1:8000/api/v1/newuser/