Start Your API
创建项目
startproject rest_api
创建APP
startapp task
配置 rest_api/settings.py
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'task',
)
配置 rest_api/urls.py
# -*- coding:utf-8 -*-
from django.conf.urls import url, include
urlpatterns = [
url(r'^api/', include('task.urls')),
]
创建模型 task/models.py
# -*- coding:utf-8 -*-
from django.db import models
class Task(models.Model):
title = models.CharField('标题', max_length=100)
description = models.TextField('描述')
completed = models.BooleanField('是否完成', default=False)
create_date = models.DateTimeField('创建时间', auto_now_add=True)
def __unicode__(self):
return self.title
序列化 task/serializers.py
# -*- coding:utf-8 -*-
from rest_framework import serializers
from .models import Task
class TaskSerializer(serializers.ModelSerializer):
class Meta:
model = Task
fields = ('id', 'title', 'description', 'completed', 'create_date')
视图 task/views.py
# -*- coding:utf-8 -*-
from rest_framework.decorators import api_view
from rest_framework import status
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework import generics
from .models import Task
from .serializers import TaskSerializer
# 第一种方式:APIView
class TaskList(APIView):
def get(self, request, format=None):
tasks = Task.objects.all()
serializer = TaskSerializer(tasks, many=True)
return Response(serializer.data)
def post(self, request, format=None):
serializer = TaskSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
# 第二种方式:通用视图 ListCreateAPIView
class TaskListCreate(generics.ListCreateAPIView):
queryset = Task.objects.all()
serializer_class = TaskSerializer
# 第三种方式:装饰器 api_view
@api_view(['GET', 'POST'])
def task_list(request):
'''
List all tasks, or create a new task.
'''
if request.method == 'GET':
tasks = Task.objects.all()
serializer = TaskSerializer(tasks, many=True)
return Response(serializer.data)
elif request.method == 'POST':
serializer = TaskSerializer(data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@api_view(['GET', 'PUT', 'DELETE'])
def task_detail(request, pk):
try:
task = Task.objects.get(pk=pk)
except Task.DoesNotExist:
return Response(status=status.HTTP_404_NOT_FOUND)
if request.method == 'GET':
serializer = TaskSerializer(task)
return Response(serializer.data)
elif request.method == 'PUT':
serializer = TaskSerializer(task, data=request.data)
if serializer.is_valid():
serializer.save()
return Response(serializer.data)
else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
elif request.method == 'DELETE':
task.delete()
return Response(status=status.HTTP_204_NO_CONTENT)
路由 task/urls.py
# -*- coding:utf-8 -*-
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^tasks/$', views.task_list, name='task_list'),
# url(r'^tasks/$', views.TaskList.as_view(), name='task_list'),
# url(r'^tasks/$', views.TaskListCreate.as_view(), name='task_list'),
url(r'^tasks/(?P<pk>[0-9]+)$', views.task_detail, name='task_detail'),
]
Command Line
curl http://localhost:8000/api/tasks/
curl -X POST http://localhost:8000/api/tasks/ -d "title=hello world&description=a whole new world"
curl -X PUT http://localhost:8000/api/tasks/1 -d "title=hello world&description=be nice"
curl -X DELETE http://localhost:8000/api/tasks/1
Permissions & Authentication
创建项目
startproject rest_api
创建 APP
startapp task
配置 rest_api/settings.py
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'task',
)
配置 rest_api/urls.py
# -*- coding:utf-8 -*-
from django.conf.urls import url, include
urlpatterns = [
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
url(r'^api/', include('task.urls')),
]
创建模型 task/models.py
# -*- coding:utf-8 -*-
from django.db import models
class Task(models.Model):
owner = models.ForeignKey('auth.User', related_name='tasks')
title = models.CharField('标题', max_length=100)
description = models.TextField('描述')
completed = models.BooleanField('是否完成', default=False)
create_date = models.DateTimeField('创建时间', auto_now_add=True)
def __unicode__(self):
return self.title
序列化 task/serializers.py
# -*- coding:utf-8 -*-
from rest_framework import serializers
from .models import Task
class TaskSerializer(serializers.ModelSerializer):
owner = serializers.ReadOnlyField(source='owner.username')
class Meta:
model = Task
fields = ('id', 'title', 'description', 'completed', 'owner')
创建 task/permissions.py
# -*- coding:utf-8 -*-
from rest_framework.permissions import IsAuthenticatedOrReadOnly, SAFE_METHODS
class IsOwnerOrReadOnly(IsAuthenticatedOrReadOnly):
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
return obj.owner == request.user
视图 task/views.py
# -*- coding:utf-8 -*-
from rest_framework.generics import ListCreateAPIView, RetrieveUpdateDestroyAPIView
from .models import Task
from .serializers import TaskSerializer
from .permissions import IsOwnerOrReadOnly
class TaskMixin(object):
queryset = Task.objects.all()
serializer_class = TaskSerializer
permission_classes = (IsOwnerOrReadOnly,)
class TaskList(TaskMixin, ListCreateAPIView):
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
class TaskDetail(TaskMixin, RetrieveUpdateDestroyAPIView):
pass
路由 task/urls.py
# -*- coding:utf-8 -*-
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^tasks/$', views.TaskList.as_view(), name='task_list'),
url(r'^tasks/(?P<pk>[0-9]+)$', views.TaskDetail.as_view(), name='task_detail'),
]
Command Line
curl http://localhost:8000/api/tasks/
curl -X POST http://localhost:8000/api/tasks/ -d "title=basic&description=BasicAuthentication" -u admin:password
curl -X PUT http://localhost:8000/api/tasks/1 -d "title=basic&description=BasicAuthentication&completed=True" -u admin:password
curl -X DELETE http://localhost:8000/api/tasks/1 -u admin:password
curl -X POST http://localhost:8000/api/tasks/ -H "X-CSRFToken: token" --cookie "sessionid=session; csrftoken=token" -d "title=session&description=SessionAuthentication"
# X-CSRFToken in headers just need be the same with csrftoken in cookie.
上面是两种默认的认证方式(SessionAuthentication 和 BasicAuthentication),还有 TokenAuthentication。
通过以上,未授权认证的用户只能查看,只有授权认证的用户才可以进行创建,删除,更新操作。