I am following a tutorial on Tastypie at Tutorial on tasty pie implem.
The following is models.py:
# models.py
from tastypie.utils.timezone import now
from django.contrib.auth.models import User
from django.db import models
from django.utils.text import slugify
class Entry(models.Model):
    """A blog entry owned by a user.

    When an entry is saved without a slug, one is derived from its title.
    """

    user = models.ForeignKey(User)
    pub_date = models.DateTimeField(default=now)
    title = models.CharField(max_length=200)
    slug = models.SlugField()
    body = models.TextField()

    def __unicode__(self):
        """Represent the entry by its title."""
        return self.title

    def save(self, *args, **kwargs):
        """Persist the entry, filling in the slug from the title if it is empty."""
        # Automatic slug generation: an existing slug is kept as is; an empty
        # one becomes the first 50 characters of the slugified title.
        self.slug = self.slug or slugify(self.title)[:50]
        return super(Entry, self).save(*args, **kwargs)
This is api.py, inside the app folder blogapp:
from django.contrib.auth.models import User
from tastypie import fields
from tastypie.authorization import Authorization
from tastypie.resources import ModelResource
from blogapp.models import Entry
from tastypie.authentication import BasicAuthentication
class UserResource(ModelResource):
    """API resource over Django's ``User`` model, served under ``user``."""

    class Meta:
        resource_name = 'user'
        # Every User row is in scope: nothing in this class narrows the
        # queryset to the account that made the request.
        queryset = User.objects.all()
        # Denylist of model fields kept out of the serialized output; any
        # field not named here is still emitted.
        excludes = [
            'email',
            'password',
            'is_active',
            'is_staff',
            'is_superuser',
        ]
        # Add it here.
        # HTTP Basic sends the username and password with each request, so it
        # should only be used over HTTPS.
        authentication = BasicAuthentication()
class EntryResource(ModelResource):
    """API resource over ``Entry``, served under ``entry``."""

    # Each entry links to its author through UserResource.
    user = fields.ForeignKey(UserResource, 'user')

    class Meta:
        resource_name = 'entry'
        queryset = Entry.objects.all()
        # NOTE(review): unlike UserResource, this Meta declares no
        # ``authentication`` and the queryset is not narrowed per user --
        # confirm that entries are meant to be readable by any caller.
I successfully get the browser's authentication window asking for a username and password when I open this URL:
http://x.x.x.x:xxxx/blogapp/api/v1/user/?format=json
After authentication it shows me the data of all users in JSON format.
1. How can I restrict the JSON data to show only the information belonging to the authenticated user, e.g. only the "entries" whose "user" is the authenticated user?
2. Once authenticated, how do I disconnect the user? Restarting the server and clearing cookies does not work; once authenticated I can't get the password window again.
For question 1: On your UserResource you need to override the get_object_list method so that it returns a filtered queryset, like this:
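def get_object_list(self, request):
    """Limit the resource's base queryset to the requesting user's own row.

    The match is made on the primary key rather than by comparing
    ``username`` with the ``User`` object itself, so the filter does not
    depend on how a user object is coerced to text. A request without a
    logged-in user has ``request.user.pk`` set to ``None`` and matches no row.
    """
    base_rows = super(UserResource, self).get_object_list(request)
    return base_rows.filter(pk=request.user.pk)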
For question 2: You need to use prepend_urls to add your login/logout endpoints by hand and call the proper Django login/logout functions, like this (note that the resource below also switches to SessionAuthentication):
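class UserResource(ModelResource):
    """User resource limited to the caller, with session login/logout views.

    Regular resource requests are authenticated with Django sessions. Two
    extra endpoints, ``<resource_name>/login`` and ``<resource_name>/logout``,
    start and end that session.
    """

    class Meta:
        queryset = User.objects.all()
        resource_name = 'user'
        # Denylist: any User field not named here is still serialized.
        excludes = ['email', 'password', 'is_active', 'is_staff', 'is_superuser']
        authentication = SessionAuthentication()

    def get_object_list(self, request):
        """Return only the row of the user making the request.

        Filtering on the primary key avoids relying on how a ``User`` object
        is coerced to text when compared with ``username``; a request without
        a logged-in user has ``pk`` set to ``None`` and matches no row.
        """
        base_rows = super(UserResource, self).get_object_list(request)
        return base_rows.filter(pk=request.user.pk)

    def prepend_urls(self):
        """Register the hand-written login and logout endpoints."""
        # NOTE(review): both views are routed through wrap_view directly, so
        # the Meta ``authentication`` check is presumably not applied to them
        # -- confirm, and consider throttling login attempts.
        return [
            url(r"^(?P<resource_name>%s)/login%s$" %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('login_user'), name="api_login"),
            url(r'^(?P<resource_name>%s)/logout%s$' %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('logout_user'), name='api_logout'),
        ]

    def login_user(self, request, **kwargs):
        """Start a session from the ``username``/``password`` in a POST body.

        Responds with ``{'success': True}`` once the session is created and
        ``{'success': False}`` otherwise.
        """
        self.method_check(request, allowed=['post'])
        data = self.deserialize(request, request.body)
        user = authenticate(username=data.get('username'), password=data.get('password'))
        # Deactivated accounts are rejected explicitly, because some
        # authentication backends return a user object for them. Bad
        # credentials and inactive accounts get the same answer, so the
        # response does not reveal which of the two applied.
        if user is not None and user.is_active:
            login(request, user)
            return self.create_response(request, {'success': True})
        return self.create_response(request, {'success': False})

    def logout_user(self, request, **kwargs):
        """End the caller's session; accepts POST only."""
        self.method_check(request, allowed=['post'])
        logout(request)
        return self.create_response(request, {'success': True})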
So basically:
This resource responds correctly and sets the proper csrf and sessionid values in the cookies.
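BTW, you should use curl or something similar to test this and to write your tests. The reason you can't log out is that you are not calling Django's logout(). (With BasicAuthentication there is also no session to end: the browser caches the credentials and resends them with every request, which is why clearing cookies did not bring the password window back.) To use Tastypie properly you should make only REST calls instead of browsing.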