django-rest-framework/docs/api-guide/viewsets.md

289 lines
12 KiB
Markdown
Raw Normal View History

source: viewsets.py
2013-03-30 20:54:22 +04:00
# ViewSets
2013-04-11 18:48:41 +04:00
> After routing has determined which controller to use for a request, your controller is responsible for making sense of the request and producing the appropriate output.
>
> — [Ruby on Rails Documentation][cite]
2013-03-30 20:54:22 +04:00
Django REST framework allows you to combine the logic for a set of related views in a single class, called a `ViewSet`. In other frameworks you may also find conceptually similar implementations named something like 'Resources' or 'Controllers'.
A `ViewSet` class is simply **a type of class-based View, that does not provide any method handlers** such as `.get()` or `.post()`, and instead provides actions such as `.list()` and `.create()`.
The method handlers for a `ViewSet` are only bound to the corresponding actions at the point of finalizing the view, using the `.as_view()` method.
2013-05-17 14:27:48 +04:00
Typically, rather than explicitly registering the views in a viewset in the urlconf, you'll register the viewset with a router class, that automatically determines the urlconf for you.
2013-03-30 20:54:22 +04:00
## Example
2013-05-17 14:27:48 +04:00
Let's define a simple viewset that can be used to list or retrieve all the users in the system.
2013-03-30 20:54:22 +04:00
from django.contrib.auth.models import User
from django.shortcuts import get_object_or_404
from myapps.serializers import UserSerializer
from rest_framework import viewsets
from rest_framework.response import Response
2013-04-26 16:31:19 +04:00
class UserViewSet(viewsets.ViewSet):
2013-03-30 20:54:22 +04:00
"""
A simple ViewSet for listing or retrieving users.
2013-03-30 20:54:22 +04:00
"""
def list(self, request):
2013-04-26 13:23:05 +04:00
queryset = User.objects.all()
serializer = UserSerializer(queryset, many=True)
2013-03-30 20:54:22 +04:00
return Response(serializer.data)
2013-03-30 20:54:22 +04:00
def retrieve(self, request, pk=None):
2013-04-26 13:23:05 +04:00
queryset = User.objects.all()
user = get_object_or_404(queryset, pk=pk)
2013-03-30 20:54:22 +04:00
serializer = UserSerializer(user)
return Response(serializer.data)
2013-05-28 18:09:23 +04:00
If we need to, we can bind this viewset into two separate views, like so:
2013-03-30 20:54:22 +04:00
user_list = UserViewSet.as_view({'get': 'list'})
user_detail = UserViewSet.as_view({'get': 'retrieve'})
Typically we wouldn't do this, but would instead register the viewset with a router, and allow the urlconf to be automatically generated.
from myapp.views import UserViewSet
from rest_framework.routers import DefaultRouter
2013-04-25 15:47:34 +04:00
router = DefaultRouter()
router.register(r'users', UserViewSet, base_name='user')
2013-04-25 15:47:34 +04:00
urlpatterns = router.urls
2013-04-26 16:31:19 +04:00
Rather than writing your own viewsets, you'll often want to use the existing base classes that provide a default set of behavior. For example:
class UserViewSet(viewsets.ModelViewSet):
"""
A viewset for viewing and editing user instances.
"""
serializer_class = UserSerializer
queryset = User.objects.all()
2013-04-04 23:00:44 +04:00
There are two main advantages of using a `ViewSet` class over using a `View` class.
* Repeated logic can be combined into a single class. In the above example, we only need to specify the `queryset` once, and it'll be used across multiple views.
* By using routers, we no longer need to deal with wiring up the URL conf ourselves.
Both of these come with a trade-off. Using regular views and URL confs is more explicit and gives you more control. ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
2013-04-25 20:39:33 +04:00
## ViewSet actions
The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style actions, as shown below:
2013-04-25 20:39:33 +04:00
2013-05-26 06:52:45 +04:00
class UserViewSet(viewsets.ViewSet):
2013-04-25 20:39:33 +04:00
"""
Example empty viewset demonstrating the standard
actions that will be handled by a router class.
2013-04-26 16:31:19 +04:00
If you're using format suffixes, make sure to also include
the `format=None` keyword argument for each action.
2013-04-25 20:39:33 +04:00
"""
def list(self, request):
pass
def create(self, request):
pass
def retrieve(self, request, pk=None):
pass
def update(self, request, pk=None):
pass
def partial_update(self, request, pk=None):
pass
def destroy(self, request, pk=None):
pass
During dispatch the name of the current action is available via the `.action` attribute.
You may inspect `.action` to adjust behaviour based on the current action.
For example, you could restrict permissions to everything except the `list` action similar to this:
def get_permissions(self):
"""
Instantiates and returns the list of permissions that this view requires.
"""
if self.action == 'list':
permission_classes = [IsAuthenticated]
else:
permission_classes = [IsAdmin]
return [permission() for permission in permission_classes]
## Marking extra actions for routing
If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@detail_route` or `@list_route` decorators.
2013-06-06 01:41:29 +04:00
The `@detail_route` decorator contains `pk` in its URL pattern and is intended for methods which require a single instance. The `@list_route` decorator is intended for methods which operate on a list of objects.
2013-04-25 20:39:33 +04:00
For example:
from django.contrib.auth.models import User
2013-07-19 06:03:38 +04:00
from rest_framework import status
2013-04-25 20:39:33 +04:00
from rest_framework import viewsets
from rest_framework.decorators import detail_route, list_route
2013-07-16 00:23:34 +04:00
from rest_framework.response import Response
from myapp.serializers import UserSerializer, PasswordSerializer
2013-04-25 20:39:33 +04:00
class UserViewSet(viewsets.ModelViewSet):
"""
A viewset that provides the standard actions
2013-04-25 20:39:33 +04:00
"""
queryset = User.objects.all()
serializer_class = UserSerializer
@detail_route(methods=['post'])
2013-04-25 20:39:33 +04:00
def set_password(self, request, pk=None):
user = self.get_object()
serializer = PasswordSerializer(data=request.data)
2013-04-25 20:39:33 +04:00
if serializer.is_valid():
user.set_password(serializer.data['password'])
user.save()
return Response({'status': 'password set'})
else:
return Response(serializer.errors,
status=status.HTTP_400_BAD_REQUEST)
@list_route()
2013-06-06 01:41:29 +04:00
def recent_users(self, request):
recent_users = User.objects.all().order('-last_login')
2013-06-06 01:41:29 +04:00
page = self.paginate_queryset(recent_users)
if page is not None:
serializer = self.get_serializer(page, many=True)
return self.get_paginated_response(serializer.data)
serializer = self.get_serializer(recent_users, many=True)
2013-06-06 01:41:29 +04:00
return Response(serializer.data)
The decorators can additionally take extra arguments that will be set for the routed view only. For example...
2013-04-25 20:39:33 +04:00
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
2013-04-25 20:39:33 +04:00
def set_password(self, request, pk=None):
...
2013-04-04 23:00:44 +04:00
2015-01-24 23:53:21 +03:00
These decorators will route `GET` requests by default, but may also accept other HTTP methods, by using the `methods` argument. For example:
@detail_route(methods=['post', 'delete'])
def unset_password(self, request, pk=None):
...
The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
## Reversing action URLs
If you need to get the URL of an action, use the `.reverse_action()` method. This is a convenience wrapper for `reverse()`, automatically passing the view's `request` object and prepending the `url_name` with the `.basename` attribute.
Note that the `basename` is provided by the router during `ViewSet` registration. If you are not using a router, then you must provide the `basename` argument to the `.as_view()` method.
Using the example from the previous section:
```python
>>> view.reverse_action('set-password', args=['1'])
'http://localhost:8000/api/users/1/set_password'
```
The `url_name` argument should match the same argument to the `@list_route` and `@detail_route` decorators. Additionally, this can be used to reverse the default `list` and `detail` routes.
2013-04-25 23:43:37 +04:00
---
2013-03-30 20:54:22 +04:00
# API Reference
## ViewSet
The `ViewSet` class inherits from `APIView`. You can use any of the standard attributes such as `permission_classes`, `authentication_classes` in order to control the API policy on the viewset.
The `ViewSet` class does not provide any implementations of actions. In order to use a `ViewSet` class you'll override the class and define the action implementations explicitly.
2013-05-09 16:31:42 +04:00
## GenericViewSet
The `GenericViewSet` class inherits from `GenericAPIView`, and provides the default set of `get_object`, `get_queryset` methods and other generic view base behavior, but does not include any actions by default.
In order to use a `GenericViewSet` class you'll override the class and either mixin the required mixin classes, or define the action implementations explicitly.
2013-03-30 20:54:22 +04:00
## ModelViewSet
2013-05-09 16:31:42 +04:00
The `ModelViewSet` class inherits from `GenericAPIView` and includes implementations for various actions, by mixing in the behavior of the various mixin classes.
2013-03-30 20:54:22 +04:00
The actions provided by the `ModelViewSet` class are `.list()`, `.retrieve()`, `.create()`, `.update()`, `.partial_update()`, and `.destroy()`.
2013-03-30 20:54:22 +04:00
2013-04-04 23:00:44 +04:00
#### Example
Because `ModelViewSet` extends `GenericAPIView`, you'll normally need to provide at least the `queryset` and `serializer_class` attributes. For example:
2013-04-04 23:00:44 +04:00
class AccountViewSet(viewsets.ModelViewSet):
"""
A simple ViewSet for viewing and editing accounts.
"""
queryset = Account.objects.all()
serializer_class = AccountSerializer
permission_classes = [IsAccountAdminOrReadOnly]
Note that you can use any of the standard attributes or method overrides provided by `GenericAPIView`. For example, to use a `ViewSet` that dynamically determines the queryset it should operate on, you might do something like this:
class AccountViewSet(viewsets.ModelViewSet):
"""
A simple ViewSet for viewing and editing the accounts
associated with the user.
"""
serializer_class = AccountSerializer
permission_classes = [IsAccountAdminOrReadOnly]
def get_queryset(self):
2013-07-16 00:23:34 +04:00
return self.request.user.accounts.all()
2013-04-04 23:00:44 +04:00
Note however that upon removal of the `queryset` property from your `ViewSet`, any associated [router][routers] will be unable to derive the base_name of your Model automatically, and so you will have to specify the `base_name` kwarg as part of your [router registration][routers].
2013-04-04 23:00:44 +04:00
Also note that although this class provides the complete set of create/list/retrieve/update/destroy actions by default, you can restrict the available operations by using the standard permission classes.
2013-03-30 20:54:22 +04:00
## ReadOnlyModelViewSet
The `ReadOnlyModelViewSet` class also inherits from `GenericAPIView`. As with `ModelViewSet` it also includes implementations for various actions, but unlike `ModelViewSet` only provides the 'read-only' actions, `.list()` and `.retrieve()`.
2013-04-04 23:00:44 +04:00
#### Example
As with `ModelViewSet`, you'll normally need to provide at least the `queryset` and `serializer_class` attributes. For example:
class AccountViewSet(viewsets.ReadOnlyModelViewSet):
"""
A simple ViewSet for viewing accounts.
"""
queryset = Account.objects.all()
serializer_class = AccountSerializer
Again, as with `ModelViewSet`, you can use any of the standard attributes and method overrides available to `GenericAPIView`.
# Custom ViewSet base classes
2013-03-30 20:54:22 +04:00
2013-05-09 16:31:42 +04:00
You may need to provide custom `ViewSet` classes that do not have the full set of `ModelViewSet` actions, or that customize the behavior in some other way.
2013-03-30 20:54:22 +04:00
2013-04-25 01:40:24 +04:00
## Example
2013-05-09 16:31:42 +04:00
To create a base viewset class that provides `create`, `list` and `retrieve` operations, inherit from `GenericViewSet`, and mixin the required actions:
from rest_framework import mixins
class CreateListRetrieveViewSet(mixins.CreateModelMixin,
mixins.ListModelMixin,
mixins.RetrieveModelMixin,
2013-05-09 16:31:42 +04:00
viewsets.GenericViewSet):
2013-03-30 20:54:22 +04:00
"""
A viewset that provides `retrieve`, `create`, and `list` actions.
2013-04-25 01:40:24 +04:00
To use it, override the class and set the `.queryset` and
`.serializer_class` attributes.
2013-03-30 20:54:22 +04:00
"""
pass
2013-05-09 16:31:42 +04:00
By creating your own base `ViewSet` classes, you can provide common behavior that can be reused in multiple viewsets across your API.
2013-03-30 20:54:22 +04:00
2013-04-26 16:31:19 +04:00
[cite]: http://guides.rubyonrails.org/routing.html
[routers]: routers.md