Also check out this thread where I answered a similar question: https://groups.google.com/d/msg/django-users/W5uCKzWOnuE/Ang4RFK0BCYJ
-James On Thu, Jul 9, 2015 at 1:16 PM, Carlton Gibson <[email protected]> wrote: > Hi Daniel, > > The call to get_object won't work, since Create views don't yet have an > object to fetch. > > The correct approach is override perform_create and pass the user to your > serialiser's save method. > > There's a section in the tutorial that covers this exact use case: > > http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#associating-snippets-with-users > > Check it out. Hopefully that helps. > > Also you may find more luck with DRF related questions on the DRF mailing > list itself: > > https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework > > Kind Regards, Carlton > > — > > > > On Thu, Jul 9, 2015 at 7:44 PM, Daniel Grace <[email protected]> wrote: >> >> With CreateAPIView from the REST API I am trying to stop users from >> creating data in another users name. >> >> In models.py: >> class UserData(models.Model): >> user = models.OneToOneField(User, db_index=True, >> related_name='userdata', blank=False, null=False) >> textdata = models.TextField(blank=True, null=True) >> >> In views.py: >> class UserDataCreateView(generics.CreateAPIView): >> permission_classes = [permissions.IsAuthenticated] >> serializer_class = UserDataSerializer >> queryset = UserData.objects.all() >> def create(self, request, *args, **kwargs): >> instance = self.get_object() >> if instance.user != request.user: >> raise PermissionDenied >> return super(UserDataCreateView, self).create(request, *args, >> **kwargs) >> >> Gives the error: >> Expected view UserDataCreateView to be called with a URL keyword argument >> named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the >> view correctly. >> >> What am I doing wrong? Alternatively, how would I set the user ID on the >> newly created record without saving twice (which would not be a good idea) ? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/django-users. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/58f8053e-c13e-4d45-b480-e6b53abb1ea4%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/1436472988413.9e4a408a%40Nodemailer. > > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciU-%3DBEtdFBCtLO0W82q1s52X4Q2CyP6UMB%3DZMOjnhSoZw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
