I have few views in my project which are called only by ajax and I need to put in a check that the views are processed only if the request is ajax. So I thought of writing a decorator. Upon searching for similar type of decorators I hit upon few but couldn't understand anything.
I make use of class based views and will use this decorator on get/post methods. I did find few snippets but all were written for function based views which made it more difficult for me to understand as I have never worked upon function based views.
I just need to know what is idea behind decorators and how it works.
from functools import wraps
from django.core.exceptions import PermissionDenied
def require_ajax(view):
#wraps(view)
def _wrapped_view(request, *args, **kwargs):
if request.is_ajax():
return view(request, *args, **kwargs)
else:
raise PermissionDenied()
return _wrapped_view
After a google search I've found this:
from django.http import HttpResponseBadRequest
def ajax_required(f):
"""
AJAX request required decorator
use it in your views:
#ajax_required
def my_view(request):
....
"""
def wrap(request, *args, **kwargs):
if not request.is_ajax():
return HttpResponseBadRequest()
return f(request, *args, **kwargs)
wrap.__doc__=f.__doc__
wrap.__name__=f.__name__
return wrap
Didn't tried it, so you have to try it. The essential part is request.is_ajax() which checks if the request is made through AJAX. Check also the docs for more info on is_ajax() method.
EDIT
To decorate a view class in django see Decorating the class in the documentation. Basically the decorator function wraps a method of the class. So you can use the django #method_decorator() to wrap a method in your decorator function (ajax_required):
#method_decorator(ajax_required)
def method_you_want_to_get_only_AJAX_requests():
......
Related
I build a decorator with parameter to limit access to the certain pages
def page_decorator(arg):
"""
Decorate routes to require access to the page.
"""
def inner_decorator(f):
def wrapped(*args, **kwargs):
if arg not in session.get("menus"):
return redirect("/")
response = f(*args, **kwargs)
return response
return wrapped
return inner_decorator
and I call here
#app.route("/receiving-performance",methods=["GET","POST"])
#login_required
#page_decorator(1)
def receiving_performance():
return render_template("01-Dashboards/01-Performance/01-receiving-performance.html")
it works for the first call function, then it returns an error, when I use it for the next function/route
AssertionError: View function mapping is overwriting an existing endpoint function: wrapped
what can be the problem, thanks.
I'm using Wagtail as a headless CMS / API, however instead of using the PagesAPIViewSet I've gone the route of overriding the serve() method as described here to fetch pages:
https://docs.wagtail.org/en/stable/reference/contrib/routablepage.html
This has worked great since I can return a JsonResponse. The problem is that (as far as I understand), debug toolbar only works with the standard rest framework Response(), so I'm trying to find a way to return a DRF Response instead.
The error I'm getting is ".accepted_renderer not set on Response"
How would I set the accepted renderer?
This is roughly what I've got:
from rest_framework.response import Response
from wagtail.core.models import Page
class BasePage(Page, RoutablePageMixin):
....
def serve(self, request, *args, **kwargs):
context = self.get_context(request, *args, **kwargs) # Context where I serialize data to JSON etc.
return Response(data=context['data'], status=status.HTTP_200_OK) ##Throws error, with JsonResponse() it works fine.
I am writting an API in Django Rest Framework. I am using viewsets however regular methods create() and update() do not do it for me and I have to rewrite them.
Suppose that I need to do just one check to test if creation of an instance is legit, do I still have to rewrite the whole create function?
Currently I have this:
class LocationViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated,)
serializer_class = LocationSerializer
def create(self, request, *args, **kwargs):
user = request.user
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
if user.can_create_location():
serializer.save()
return Response(serializer.data)
else:
raise exceptions.PermissionDenied('You dont have permission to create this.')
Instead of rewritting the whole thing, is it possible to somehow use inheritance and do something like this?
class LocationViewSet(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated,)
serializer_class = LocationSerializer
def create(self, request, *args, **kwargs):
user = request.user
if user.can_create_location():
return super().create(self, request, *args, **kwargs)
else:
raise exceptions.PermissionDenied('You dont have permission to create this.')
The above does not work as I get this error. I feel like this should be possible to do, but I don't know how. Thanks for your help!
AttributeError at /api/0/location
LocationViewSet' object has no attribute 'data'
Request Method: POST
Request URL: http://127.0.0.1:8000/api/0/location
Django Version: 2.1.7
Yes, it does work, and you're doing it almost correctly... as per your error: the function is trying to access LocationViewSet.data as you're passing self in the first argument, change that call to:
super().create(request, *args, **kwargs)
Python standard docs has some info on super() and a link to a more in depth explanation.
I’d like to create a detail route that renders the data of the current user.
If I use a custom router:
class CustomRouter(routers.DefaultRouter):
def __init__(self, *args, **kwargs):
super(CustomRouter, self).__init__(*args, **kwargs)
self.routes.append(
routers.Route(url=r'^{prefix}/current{trailing_slash}',
mapping={'get': 'current'},
name='{basename}-current',
initkwargs={'suffix': 'Detail'}))
rest_router = CustomRouter()
urlpatterns = [
url(r'^', include(rest_router.urls)),
]
it works, and I can access my logged in user at /api/users/current/.
However, if I use my CustomUser and register the my whole UserViewSet (which descends from viewsets.ReadOnlyModelViewSet):
rest_router.register(r'users', viewsets.UserViewSet)
my current/ route stops working. Is there a way I can add such a custom detail route that doesn’t require a pk?
Edit: my second approach was to add a #list_route that actually returns only one object instead of one. This doesn’t require a custom router at all, just an extra method on my UserViewSet:
class UserViewSet(viewsets.ReadOnlyModelViewSet):
…
#list_route(methods=['get'])
def current(self, request):
return Response(self.serializer_class(request.user).data)
This, however, is pretty ugly for obvious reasons: why would I return one object in a list route?
While writing some views to respond to ajax requests i find it somewhat strange that the login_required decorator always returns a 302 status code for not authenticated users. As these views are ajax views, this seems somewhat inappropriate. I do not want the user to log in in such a case, but i want Django to tell the client that authentication is required to access such a view (a 401 should be the right status code, i think).
To achieve this, i started to write my own decorator login_required_ajax, but somehow this is beyond my skills. This is what i have come up with so far:
def login_required_ajax(function=None,redirect_field_name=None):
"""
Just make sure the user is authenticated to access a certain ajax view
Otherwise return a HttpResponse 401 - authentication required
instead of the 302 redirect of the original Django decorator
"""
def _decorator(view_func):
def _wrapped_view(request, *args, **kwargs):
if request.user.is_authenticated():
return view_func(request, *args, **kwargs)
else:
return HttpResponse(status=401)
if function is None:
return _decorator
else:
return _decorator(function)
When using this decorator on a view, i get a ViewDoesNotExist exception as soon as i try to access any page on the site.
I first thought that the problem could be the direct return of an HttpResponse when a user is not authenticated, because a response object is not a callable. But then the decorator should work as long as i do not try to access the view in question, shouldn't it? And if this really is the crux, how can i write a decorator that returns a HttpResponse with a status code of 401?
That's a pretty good attempt. Here's a couple of problems I spotted:
Your _decorator function should return _wrapped_view.
The indentation for your if function is None block is a bit off -- the login_required_ajax function needs to return the decorated function.
Here's the decorator with those changes made:
def login_required_ajax(function=None,redirect_field_name=None):
"""
Just make sure the user is authenticated to access a certain ajax view
Otherwise return a HttpResponse 401 - authentication required
instead of the 302 redirect of the original Django decorator
"""
def _decorator(view_func):
def _wrapped_view(request, *args, **kwargs):
if request.user.is_authenticated():
return view_func(request, *args, **kwargs)
else:
return HttpResponse(status=401)
return _wrapped_view
if function is None:
return _decorator
else:
return _decorator(function)