With CreateAPIView from the REST API I am trying to stop users from
creating data in another users name.
In models.py:
class UserData(models.Model):
user = models.OneToOneField(User, db_index=True,
related_name='userdata', blank=False, null=False)
textdata = models.TextField(blank=True, null=True)
In views.py:
class UserDataCreateView(generics.CreateAPIView):
permission_classes = [permissions.IsAuthenticated]
serializer_class = UserDataSerializer
queryset = UserData.objects.all()
def create(self, request, *args, **kwargs):
instance = self.get_object()
if instance.user != request.user:
raise PermissionDenied
return super(UserDataCreateView, self).create(request, *args,
**kwargs)
Gives the error:
Expected view UserDataCreateView to be called with a URL keyword argument
named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the
view correctly.
What am I doing wrong? Alternatively, how would I set the user ID on the
newly created record without saving twice (which would not be a good idea) ?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/58f8053e-c13e-4d45-b480-e6b53abb1ea4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
