insert and update model and serializer with model permission in django
Insert and update - in drf
File: views.py
class UserAction(APIView): authentication_classes = [JWTAuthentication] permission_classes = [IsAuthenticated]
# create def post(self, request, format=None): data = request.data user = request.user if user.is_member: try: serializer = UserSerializer(data=data) if serializer.is_valid(raise_exception=True): serializer.save() return Response({"message":"user created!"}) else: return Response({"message":"user not created!"}) except Exception as e: print(e) else: return Response({"message":"unauthenticated manager requests!"})
# update def put(self, request,pk=None, format=None): data = request.data user = request.user id = pk if id: if user.is_member: if Member.objects.filter(id=id).exists(): mem_obj = Member.objects.get(id=id) if mem_obj.is_member: return Response({"you can't update another member info"}) else: serializer = UserSerializer(mem_obj,data=data) if serializer.is_valid(raise_exception=True): serializer.save() return Response({"message":"user record updated!"}) else: return Response({"message":"record not updated!"}) else: return Response({"message":"user id not exist!"}) else: return Response({"access restricted!"}) else: return Response({ "sorry no userid provided! plz provide user id !! " }) |
File: serializers.py
class UserSerializer(serializers.ModelSerializer): class Meta: model = Member fields = ['name','email','password','profile','address'] def create(self, validated_data): user = Member.objects.create( name = validated_data.get('name'), email = validated_data.get('email'), password = make_password(validated_data.get('password')), profile = validated_data.get('profile'), address = validated_data.get('address'), ) user.save() return user def update(self, instance, validated_data): password = validated_data.get('password',) instance.id = validated_data.get('id', instance.id) instance.name = validated_data.get('name', instance.name) instance.email = validated_data.get('email', instance.email) instance.password = make_password(password) instance.profile = validated_data.get('profile',instance.profile) instance.address = validated_data.get('address',instance.address) instance.save() return instance |
File: core.models.py
from django.db import models from django.contrib.auth.models import AbstractBaseUser, BaseUserManager, PermissionsMixin
class MemberManager(BaseUserManager): def create_user(self,name,email,password): if not name: raise ValueError("name field required") if not email: raise ValueError("email field required") if not password: raise ValueError("password field required")
user = self.model(name=name,email=self.normalize_email(email)) user.set_password(password) user.save(using = self._db) return user def create_superuser(self,name,email,password): user = self.create_user(name=name,email=email,password=password) user.is_member = False user.is_staff = True user.is_superuser = True user.save(using = self._db) return user
class Member(AbstractBaseUser): name = models.CharField(max_length=200) email = models.EmailField(max_length=200,unique=True) password = models.CharField(max_length=250) profile = models.ImageField(upload_to="media/core", null=True) address = models.TextField(null=True) is_active = models.BooleanField(default=True) is_member = models.BooleanField(default=False, null=True) is_staff = models.BooleanField(default=False) is_superuser = models.BooleanField(default=False)
objects = MemberManager()
USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['name']
def has_perm(self, perm, obj=None): return self.is_superuser
def has_module_perms(self, app_label): return self.is_superuser def __str__(self): return self.name |
File: urls.py
from .views import *
urlpatterns = [ path('admin_addmember/',AddMember.as_view()), path('users/',UserAction.as_view()), path('users/<int:pk>',UserAction.as_view()), path('userlists/',UserAllLists.as_view()), ] |
