Hi Daniel,
The call to get_object won't work, since Create views don't yet have an object to fetch. The correct approach is override perform_create and pass the user to your serialiser's save method. There's a section in the tutorial that covers this exact use case: http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#associating-snippets-with-users Check it out. Hopefully that helps. Also you may find more luck with DRF related questions on the DRF mailing list itself: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework Kind Regards, Carlton — On Thu, Jul 9, 2015 at 7:44 PM, Daniel Grace <danwgr...@gmail.com> wrote: > With CreateAPIView from the REST API I am trying to stop users from > creating data in another users name. > In models.py: > class UserData(models.Model): > user = models.OneToOneField(User, db_index=True, > related_name='userdata', blank=False, null=False) > textdata = models.TextField(blank=True, null=True) > In views.py: > class UserDataCreateView(generics.CreateAPIView): > permission_classes = [permissions.IsAuthenticated] > serializer_class = UserDataSerializer > queryset = UserData.objects.all() > def create(self, request, *args, **kwargs): > instance = self.get_object() > if instance.user != request.user: > raise PermissionDenied > return super(UserDataCreateView, self).create(request, *args, > **kwargs) > Gives the error: > Expected view UserDataCreateView to be called with a URL keyword argument > named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the > view correctly. > What am I doing wrong? Alternatively, how would I set the user ID on the > newly created record without saving twice (which would not be a good idea) ? > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/58f8053e-c13e-4d45-b480-e6b53abb1ea4%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1436472988413.9e4a408a%40Nodemailer. For more options, visit https://groups.google.com/d/optout.
