Skip to content
Advertisement

Django foreign key JWT auth

In my project I have the Post and Category Model and full working JWT Authentication.

class Category(models.Model):
    name = models.CharField(max_length=255)

    def __str__(self):
        return self.name

class Post(models.Model):
    title = models.CharField(max_length=50)
    content = models.TextField()
    created = models.DateTimeField(auto_now_add=True)
    updated = models.DateTimeField(auto_now=True)
    author = models.ForeignKey(User, on_delete=models.CASCADE)
    category = models.ManyToManyField(Category, related_name='posts')

class Category(models.Model):
    name = models.CharField(max_length=255)

    def __str__(self):
        return self.name

I want to create a view, that creates a new Post object, in which author will be assigned to Token owner that I pass in authorization (Bearer Token ) postman.image.example. I dont know how to do it please help. Sorry for my english.

Serializer

class PostSerializer(FlexFieldsModelSerializer):
    class Meta:
        model = Post
        fields = '__all__'
        read_only_fields = ['id', 'created']
        expandable_fields = {
            'category': ('blog.CategorySerializer', {'many': True}),
            'comments': ('blog.CommentSerializer', {'many': True}),
            'images': ('blog.ImageSerializer', {'many': True}),
        }

Advertisement

Answer

From what I understand, you want to automatically associate the request.user as the author of the post (s)he creates. Whether your auth is JWT-based or session-based does not influenced that (as long as it is set up correctly).

For this you need to pass the request object to your serializer, here is the trick:

# serializers.py

class PostSerializer(FlexFieldsModelSerializer):
    class Meta:
        model = Post
        fields = '__all__'
        read_only_fields = ['id', 'created', 'author'] # set author as read-only field
        expandable_fields = {
            'category': ('blog.CategorySerializer', {'many': True}),
            'comments': ('blog.CommentSerializer', {'many': True}),
            'images': ('blog.ImageSerializer', {'many': True}),
        }

    def create(self, validated_data):
        # here you get the user from the request
        user = self.context['request'].user
        return Post.objects.create(author=user, **validated_data)

# views.py

from .models import Post
from .serializers import PostSerializer
from rest_framework import generics
from rest_framework.permissions import IsAuthenticated

class PostCreate(generics.CreateAPIView):
    queryset=Post.objects.all()
    serializer_class = PostSerializer
    permission_classes = [IsAuthenticated]

    def get_serializer_context(self):
        # this is the trick since you want to pass the request object to your serializer
        context = super().get_serializer_context()
        context.update({"request": self.request})
        return context
User contributions licensed under: CC BY-SA
3 People found this is helpful
Advertisement