With CreateAPIView from the REST API I am trying to stop users from
creating data in another users name.
In models.py:
class UserData(models.Model):
user = models.OneToOneField(User, db_index=True,
related_name='userdata', blank=False, null=False)
textdata = models.TextField(blank=True, null=True)
In views.py:
class UserDataCreateView(generics.CreateAPIView):
permission_classes = [permissions.IsAuthenticated]
serializer_class = UserDataSerializer
queryset = UserData.objects.all()
def create(self, request, *args, **kwargs):
instance = self.get_object()
if instance.user != request.user:
raise PermissionDenied
return super(UserDataCreateView, self).create(request, *args,
**kwargs)
Gives the error:
Expected view UserDataCreateView to be called with a URL keyword argument
named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the
view correctly.
What am I doing wrong? Alternatively, how would I set the user ID on the
newly created record without saving twice (which would not be a good idea) ?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/58f8053e-c13e-4d45-b480-e6b53abb1ea4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
