Search code examples
djangodjango-rest-framework

How can I stop django REST framework to show all records if query parameter is wrong

I am using Django REST Framework and i am using filters to filter the query set.

http://www.django-rest-framework.org/api-guide/filtering/#filtering-against-query-parameters

like this

http://example.com/api/products/4675/?category=clothing&max_price=10.00

But i have seen that if there is error in filters or the query parameters does not exist then it displays all results which is very bad.

I rather want no results if there is issue with query parameters because sometimes i don't know if that is working or not

EDIT

This is my code

class userFilter(django_filters.FilterSet):
    strict = True

    class Meta:
        model = User
        fields = ('is_active', 'is_archived', 'age')

REST

class UserListCreateView(generics.ListCreateAPIView):
    queryset = User.objects.filter(is_archived=False)
    ordering_fields = ('is_active')
    filter_class = userFilter

This is REST settings

REST_FRAMEWORK = {
    'DEFAULT_MODEL_SERIALIZER_CLASS':
        'rest_framework.serializers.HyperlinkedModelSerializer',
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
    'DEFAULT_FILTER_BACKENDS': (
        'rest_framework.filters.DjangoFilterBackend',
        'rest_framework.filters.SearchFilter',
        'rest_framework.filters.OrderingFilter',
    ),
    # 'PAGINATE_BY': 1,                 
    'PAGINATE_BY_PARAM': 'page_size',  
    'MAX_PAGINATE_BY': 100,             
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    )
}
Solution

  • If you are using the DjangoFilterBackend, take a look at the strict Non-Meta option.

    The strict option controls whether results are returned when an invalid value is specified by the user for any filter field. By default, strict is set to True meaning that an empty queryset is returned if any field contains an invalid value. You can loosen this behavior by setting strict to False which will effectively ignore a filter field if its value is invalid.

    The filter:

    from django_filters.filterset import FilterSet

class UserFilter(FilterSet):
    strict = True

    class Meta:
        model = User
        fields = ['username']

    The settings: (assumes you have installed django-filter)

    REST_FRAMEWORK = {
    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',)
}

    Now, if someone does:

    http://api.example.com/users/?username=myuser&badfilter=1

    ...it will return an empty list, as badfilter does not exist.

    As the FilterSet automatically defaults to strict=True, I have a feeling that you are not taking advantage of the DjangoFilterBackend.