When to use Serializers in Django Rest Framework? - serialization

I Develop a API [Django Rest Framework] for several purpose and ALL Data processed in JSON Format.
I have doubt about Serializer and it is must to used? and its Purpose?
My code:
class login(APIView):
def post(self, request):
jsondata = json.loads(request.body.decode('utf-8')).get('ls_json')
user_name = jsondata[0].get('username')
user_password = jsondata[0].get('password')
out_message = mCore.get_login(user_name, user_password)
return Response(out_message)
and url.py is :
urlpatterns = [
path('login/', view.login.as_view()),
]
and My Json Data Looks like :
{"ls_json":[{"username":"xy0003","password":"abcd"}]}
The above data is used to POST in api.
My Question is
1) Should i must use Serializer?
2) I deal In and OUT data as in JSON.

Serializers are used to do something with the data you send to the server against a Model. If you would like to do something with the data you are sending (In your example you could try to login or register an account) you will need to use serializers.
In this link you can find a lot of useful information on what are they used for and how to use them:
Django Serializers

Related

How should I pass a raw query response to a Serializer class?

I am trying to fetch data using raw sql query but I am facing issues when I am trying to pass the raw sql response to the Serializer class.
Serializer
class User_Serializer(serializers.ModelSerializer):
class Meta:
model = Users
fields = '__all__'
View
class UserView(APIView):
def get(self, request, emailId, format=None):
with connection.cursor() as cursor:
cursor.execute("SELECT * FROM users")
resRow = cursor.fetchone()
serializerResponse = User_Serializer(resRow)
return Response(serializerResponse.data)
I realise that the Serializer class cannot work with the ModelSerialzier class in this scenerio. How should I build my Serializer considering the fact that I need to post and save data to the concerned model using this Serializer class.
Instead of creating a connection manually use your model manager's raw method. It will return a RawQuerySet instance and will be iterable just like regular QuerySet. Also all the records that was fetched from db will be a model instance. You can use it like:
users = User.objects.raw("SELECT * FROM users_user")
serializer = UserSerializer(users, many=True)
serializer.data
Don't forget to check out raw sql documentation.

django rest framework: Dynamic serializer and ViewSet

I'm new to django and django rest framework as a disclaimer.
I have a Model that contains metadata columns like last modified date and last modified user. This data should be available in the API for viewing but will be set automatically by the backend and hence must not be required for creation/update. As far as I understood I can create a dynamic serializer as shown in the docs.
However how can I use a dynamic serialize on a ViewSet? Or is that simply not possible?
If you want the last modified date and last modified user to be read only, you do not need to create a DynamicSerializer. All you need to do is to set the fields as read_only on the serializer.
class MyModelSerializer(serializers.ModelSerializer):
class Meta:
model = MyModel
fields = (fields exposed to the API)
read_only_fields = ("last_modified_date", "last_modified_user")
After creating the serializer, it must be added to the ViewSet
class MyModelViewSet(viewsets.ModelViewSet):
queryset = MyModel.objects.all()
serializer_class = MyModelSerializer

use request when using rest_framework.serializer

I use Django REST Framework and I have a django model class like this:
class Venue(models.Model):
user=models.ForeignKey(User)
I would then want to serialize this:
from rest_framework import serializers
import models
class VenueSerializer(serializers.ModelSerializer):
class Meta:
model=models.Venue
fields=('id','user','is_current_user')
where is_current_user is a boolean value, somehow like this
def is_current_user(self):
return self.request.user==self.user
How can I do this? Do I have request somewhere in serializer? Or should I do this somewhere in the model?
Less convenient options are:
to send the current user id to the client in another way and compare there, but then I'd have to expose the user of each model to the client.
to iterate over the json after serialization
manually without the serializers create a json from a queryset
I would suggest using SerializerMethodField:
class VenueSerializer(serializers.ModelSerializer):
class Meta:
model=models.Venue
fields=('id','user','is_current_user')
def get_is_current_user(self, obj):
return self.context['request'].user == obj.user

Django REST framework flat, read-write serializer

In Django REST framework, what is involved in creating a flat, read-write serializer representation? The docs refer to a 'flat representation' (end of the section http://django-rest-framework.org/api-guide/serializers.html#dealing-with-nested-objects) but don't offer examples or anything beyond a suggestion to use a RelatedField subclass.
For instance, how to provide a flat representation of the User and UserProfile relationship, below?
# Model
class UserProfile(models.Model):
user = models.OneToOneField(User)
favourite_number = models.IntegerField()
# Serializer
class UserProfileSerializer(serializers.ModelSerializer):
email = serialisers.EmailField(source='user.email')
class Meta:
model = UserProfile
fields = ['id', 'favourite_number', 'email',]
The above UserProfileSerializer doesn't allow writing to the email field, but I hope it expresses the intention sufficiently well. So, how should a 'flat' read-write serializer be constructed to allow a writable email attribute on the UserProfileSerializer? Is it at all possible to do this when subclassing ModelSerializer?
Thanks.
Looking at the Django REST framework (DRF) source I settled on the view that a DRF serializer is strongly tied to an accompanying Model for unserializing purposes. Field's source param make this less so for serializing purposes.
With that in mind, and viewing serializers as encapsulating validation and save behaviour (in addition to their (un)serializing behaviour) I used two serializers: one for each of the User and UserProfile models:
class UserSerializer(serializer.ModelSerializer):
class Meta:
model = User
fields = ['email',]
class UserProfileSerializer(serializer.ModelSerializer):
email = serializers.EmailField(source='user.email')
class Meta:
model = UserProfile
fields = ['id', 'favourite_number', 'email',]
The source param on the EmailField handles the serialization case adequately (e.g. when servicing GET requests). For unserializing (e.g. when serivicing PUT requests) it is necessary to do a little work in the view, combining the validation and save behaviour of the two serializers:
class UserProfileRetrieveUpdate(generics.GenericAPIView):
def get(self, request, *args, **kwargs):
# Only UserProfileSerializer is required to serialize data since
# email is populated by the 'source' param on EmailField.
serializer = UserProfileSerializer(
instance=request.user.get_profile())
return Response(serializer.data)
def put(self, request, *args, **kwargs):
# Both UserSerializer and UserProfileSerializer are required
# in order to validate and save data on their associated models.
user_profile_serializer = UserProfileSerializer(
instance=request.user.get_profile(),
data=request.DATA)
user_serializer = UserSerializer(
instance=request.user,
data=request.DATA)
if user_profile_serializer.is_valid() and user_serializer.is_valid():
user_profile_serializer.save()
user_serializer.save()
return Response(
user_profile_serializer.data, status=status.HTTP_200_OK)
# Combine errors from both serializers.
errors = dict()
errors.update(user_profile_serializer.errors)
errors.update(user_serializer.errors)
return Response(errors, status=status.HTTP_400_BAD_REQUEST)
First: better handling of nested writes is on it's way.
Second: The Serializer Relations docs say of both PrimaryKeyRelatedField and SlugRelatedField that "By default this field is read-write..." — so if your email field was unique (is it?) it might be you could use the SlugRelatedField and it would just work — I've not tried this yet (however).
Third: Instead I've used a plain Field subclass that uses the source="*" technique to accept the whole object. From there I manually pull the related field in to_native and return that — this is read-only. In order to write I've checked request.DATA in post_save and updated the related object there — This isn't automatic but it works.
So, Fourth: Looking at what you've already got, my approach (above) amounts to marking your email field as read-only and then implementing post_save to check for an email value and perform the update accordingly.
Although this does not strictly answer the question - I think it will solve your need. The issue may be more in the split of two models to represent one entity than an issue with DRF.
Since Django 1.5, you can make a custom user, if all you want is some method and extra fields but apart from that you are happy with the Django user, then all you need to do is:
class MyUser(AbstractBaseUser):
favourite_number = models.IntegerField()
and in settings: AUTH_USER_MODEL = 'myapp.myuser'
(And of course a db-migration, which could be made quite simple by using db_table option to point to your existing user table and just add the new columns there).
After that, you have the common case which DRF excels at.

RESTful API endpoint for adding/removing array elements?

I have RESTful API built on top of a MongoDB store, so it's nice that you can store arrays. It's straightforward to create a new resource like this:
POST /users
{
items: [
1001, 1002, 1003
]
}
But how would the HTTP endpoint for adding a new item or removing an item would look like?
Right now, I have to specify the entire array, including elements that I don't want to touch:
PATCH /users/{id}
{
name: 'Bruce Wayne',
items: [
1001, 1002
]
}
Or pass in a mongodb query directly:
PATCH /users/{id}?query[$push][items]=1003
Is there a better way to do this?
Edit:
I like how StackMob's API does it. How do I update the name and remove an element from items at the same time though? For example, when I'm updating a bunch of the user's details on an admin dashboard? I don't think replacing the entire array is a good idea in mongodb?
Passing a mongodb query seems like a bad idea. Depending on your backend implementation it could lead to an attacker doing bad things to your data as in SQL Injection
You can model the modification of an attribute on a resource with PUT or PATCH with some limitations:
When using PUT the client is expected to send the whole representation of the resource. IT works for you but it may be cumbersome.
When using PATCH the client is expected to send the attributes that are intended to change, instead of the whole resource. Yet, you have to send the whole value, not just the additions or deletions of items to the value. Again it works but you are not in love with it.
I think you are looking for a way to model adding and removing items to the array:
I would model the array as a resource on its own: /users/:id/items
Accept POSTto add an item to the array and DELETE to remove from the array.
It's simple and RESTful.
As per the REST standards to create and delete a new request -->
POST -Create a new resource in a collection
and
DELETE -Delete a resource
I can give you an example of how the high-level HTTP endpoint in java looks like using Jersey.
You can have a Resource class with the HTTP Path specified and specific Paths for methods doing different operations.
So the URL could look like --
/rest/MyResource/Resource accompanied by a request JSON or XML(that contains your input data)
Here is a sample Resource class that would be your entry point(ofcourse you would have to do your configuration in web.xml to do URL mapping for this class) -->
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.DELETE;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.json.JSONObject;
public class SampleRESTServiceResource {
/**
* #param incomingJsonString
* #return Response
*/
#POST
#Consumes(MediaType.APPLICATION_JSON)
#Produces(MediaType.APPLICATION_JSON)
public Response createNewResource(JSONObject myJson) {
// Do a call to a DAO Implementation that does a JDBC call to insert into Mongo based on JSON
return null;
}
/**
* #param incomingJsonString
* #return Return response
*/
#DELETE
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public Response deleteResource(JSONObject myJson) {
// Do a call to a DAO Implementation that does a JDBC call to delete resource from Mongo based on JSON
return null;
}
}
If you want to try out an example you can refer to this page -->
https://www.ibm.com/developerworks/library/wa-aj-tomcat/