Hi Daniel,
The call to get_object won't work, since Create views don't yet have an object to fetch. The correct approach is override perform_create and pass the user to your serialiser's save method. There's a section in the tutorial that covers this exact use case: http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#associating-snippets-with-users Check it out. Hopefully that helps. Also you may find more luck with DRF related questions on the DRF mailing list itself: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework Kind Regards, Carlton — On Thu, Jul 9, 2015 at 7:44 PM, Daniel Grace <[email protected]> wrote: > With CreateAPIView from the REST API I am trying to stop users from > creating data in another users name. > In models.py: > class UserData(models.Model): > user = models.OneToOneField(User, db_index=True, > related_name='userdata', blank=False, null=False) > textdata = models.TextField(blank=True, null=True) > In views.py: > class UserDataCreateView(generics.CreateAPIView): > permission_classes = [permissions.IsAuthenticated] > serializer_class = UserDataSerializer > queryset = UserData.objects.all() > def create(self, request, *args, **kwargs): > instance = self.get_object() > if instance.user != request.user: > raise PermissionDenied > return super(UserDataCreateView, self).create(request, *args, > **kwargs) > Gives the error: > Expected view UserDataCreateView to be called with a URL keyword argument > named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the > view correctly. > What am I doing wrong? Alternatively, how would I set the user ID on the > newly created record without saving twice (which would not be a good idea) ? > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/58f8053e-c13e-4d45-b480-e6b53abb1ea4%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1436472988413.9e4a408a%40Nodemailer. For more options, visit https://groups.google.com/d/optout.
