0

I have the following 4 class based views in DRF to perform CRUD operation on a model called Trips.

from rest_framework import generics

class TripCreateView(CreateAPIView): 
    #code that creates a Trip

class TripListView(ListAPIView):
    #code that lists Trips

class TripDetailView(RetrieveAPIView):
    #code that gives details of a Trip

class TripUpdateView(UpdateAPIView):
    #code that updates a particular trip details

class TripDeleteView(DestroyAPIView):
    #code that deletes an instance

Now in-order to wire up the urls to each view, my urls.py looks like this:

urlpatterns = [
url(r'^trip/$', TripCreateView.as_view()),
url(r'^trip/list/$',TripListView.as_view()),
url(r'^trip/(?P<pk>[0-9]+)/detail/$', TripDetailView.as_view()),
url(r'^trip/(?P<pk>[0-9]+)/update/$', TripUpdateView.as_view()),
url(r'^trip/(?P<pk>[0-9]+)/delete/$', TripDeleteView.as_view())
]

This works as expected.However, as is evident, those API endpoints are poorly designed since the URI has the http method as well in it. RESTFUL API endpoints don't have the HTTP method in the URI as look like this:

Endpoint             HTTP METHOD          Result
trips                GET                Gets all Trips
trips/:id            GET                Gets details of a Trip
trips                POST               Creates a Trip
trips/:id            PUT                Updates a Trip
trips:/id            DELETE             Deletes a Trip

I know Viewsets can help achieve this but I can't use them because of certain other restrictions.Can this be achieved just by using class based views that I am using ?

Amistad
  • 7,100
  • 13
  • 48
  • 75
  • 2
    But that is *exactly* what viewsets are for. What "other restrictions"? – Daniel Roseman Nov 20 '18 at 11:08
  • @Daniel Roseman..how do I use different permission classes in view sets for different methods like list, create etc ? – Amistad Nov 20 '18 at 11:49
  • You can create a [custom permissions class](https://www.django-rest-framework.org/api-guide/permissions/#custom-permissions), or you can just define those methods in your subclass and check permissions before calling the super method. – Daniel Roseman Nov 20 '18 at 11:53

1 Answers1

0

Quite surprised this one didn't receive an answer.

This is to do with HTTP verbs and how the Django Rest Framework can map them.

Anyways, you would preferentially want something like for your viewset:

from rest_framework import (
    mixins,
    viewsets
)

from trips.models import Trip
from trips.api.serializers import TripSerializer

class TripView(
    viewsets.GenericViewSet,
    mixins.ListModelMixin,
    mixins.CreateModelMixin,
    mixins.RetrieveModelMixin,
    mixins.UpdateModelMixin,
    mixins.DestroyModelMixin,
):

    queryset = Trip.objects.all()
    serializer_class = TripSerializer

    """
    Example empty viewset demonstrating the standard
    actions that will be handled by a router class.

    If you're using format suffixes, make sure to also include
    the `format=None` keyword argument for each action.
    """

    def list(self, request):
        pass

    def create(self, request):
        pass

    def retrieve(self, request, pk=None):
        pass

    def update(self, request, pk=None):
        pass

    def destroy(self, request, pk=None):
        pass

More information here: https://www.django-rest-framework.org/api-guide/viewsets/

Failing that, you could just ammend these lines of codes:

urlpatterns = [
    url(r'^trips/$',TripListView.as_view({'get': 'list'})),
    url(r'^trips/$', TripCreateView.as_view({'post': 'create'})),
    url(r'^trips/(?P<pk>[0-9]+)/$', TripDetailView.as_view({'get': 'retrieve'})),
    url(r'^trips/(?P<pk>[0-9]+)/$', TripUpdateView.as_view({'put': 'update'})),
    url(r'^trips/(?P<pk>[0-9]+)/$', TripDeleteView.as_view({'delete': 'destroy'}))
]

That is to say, you have a base endpoint of http://example.com/api/v1/trips, and then each action is mapped not by appending it to the url but instead by the http verb that you are using. It's best practise to have a get and a post on the base endpoint, one "lists" and the other will "create" (to create, you have to post a fully JSON serialzed object to the create endpoint). Hence, with the two verbs you can use the same endpoint but for different resource actions.

Likewise with the retrieve, update and destroy endpoints. The endpoint for these actions is the same: something like, http://example.com/api/v1/trips/<uuid:uuid> or http://example.com/api/v1/trips/<id:id>, essentially, the same as above but with an extra space for some primary key to be passed in, so the server knows which object you're aiming for. Likewise, each action is differentiated by the HTTP verb action you use, so for retrieve, update and destroy you would pass a get, put or delete verb to the request endpoint.

Hopefully that makes sense!

Micheal J. Roberts
  • 3,735
  • 4
  • 37
  • 76