python 使用 django-rest-interface
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/212941/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using django-rest-interface
提问by Sam Corder
I have a django application that I'd like to add some rest interfaces to. I've seen http://code.google.com/p/django-rest-interface/but it seems to be pretty simplistic. For instance it doesn't seem to have a way of enforcing security. How would I go about limiting what people can view and manipulate through the rest interface? Normally I'd put this kind of logic in my views. Is this the right place or should I be moving some more logic down into the model? Alternatively is there a better library out there or do I need to roll my own?
我有一个 django 应用程序,我想向其中添加一些休息接口。我见过http://code.google.com/p/django-rest-interface/但它似乎非常简单。例如,它似乎没有强制执行安全性的方法。我将如何限制人们可以通过其余界面查看和操作的内容?通常我会把这种逻辑放在我的观点中。这是正确的地方还是我应该将更多的逻辑移到模型中?或者,那里有更好的图书馆还是我需要自己动手?
采纳答案by Mark Ellul
I would look into using django-piston http://bitbucket.org/jespern/django-piston/wiki/Homeapplication if security is your main concern.
如果安全是您的主要关注点,我会考虑使用 django-piston http://bitbucket.org/jespern/django-piston/wiki/Home应用程序。
I have used django-rest-interface in the past, its reliable and though simple can be quite powerful, however django-piston seems more flexible going forward.
我过去使用过 django-rest-interface,它可靠且简单,但功能强大,但 django-piston 似乎更灵活。
回答by Anders Eurenius
Well, from the look of things, there's an authenticationparameter to Collection. (see this example: authentication.py)
好吧,从表面上看,有一个authentication参数Collection. (见这个例子:authentication.py)
Second, (even if Django doesn't have it yet,) there should probably be a middleware that does CSRF/XSRF form checking. (Oh, there seems to be one.) You should also be able to use the login_requiredand permission_requireddecoratorsin the urls.py.
其次,(即使 Django 还没有,)可能应该有一个中间件来进行 CSRF/XSRF 表单检查。(哦,似乎有一个。)您还应该能够在 urls.py 中使用login_required和permission_required装饰器。
回答by S.Lott
Even with the Authentication parameter, you don't have fine-grained control over what people can do. The current implementation of the Django-REST interface doesn't track the user information, so you don't have this information available for doing fine-grained authorization checks.
即使使用 Authentication 参数,您也无法精细控制人们可以做什么。Django-REST 接口的当前实现不跟踪用户信息,因此您没有可用于进行细粒度授权检查的信息。
See Issue #32.
见问题#32。
However, it's relatively easy to extend it to add some features. I use a lot of subclasses to add features.
但是,扩展它以添加一些功能相对容易。我使用了很多子类来添加功能。
Updating the request with login information, however, is tricky in Django. Rather than do that, I leave the information in the Collection.
然而,在 Django 中使用登录信息更新请求是很棘手的。我没有这样做,而是将信息留在集合中。
Right now, I'd estimate that between patches and subclasses, what I've written is about as big as rolling my own RESTful view functions.
现在,我估计在补丁和子类之间,我编写的内容与滚动我自己的 RESTful 视图函数一样大。
Django-REST, however, gracefully and neatly handles HTTP Digest Authentication. I don't look forward to replacing theirs with some kind of decorator for my Django view functions.
然而,Django-REST 优雅而巧妙地处理 HTTP 摘要身份验证。我不期待用某种装饰器来代替我的 Django 视图函数。
[Maybe we should open a source forge project and work out a clean replacement?]
[也许我们应该开放一个源代码伪造项目并制定一个干净的替代品?]
回答by michel.iamit
Please do have a look at django-rest-framework, I just stepped over from tastypie to this new framework, works great!
请务必查看 django-rest-framework,我刚刚从美味派过渡到这个新框架,效果很好!
http://django-rest-framework.org/
http://django-rest-framework.org/
Especially the class based views and the browsable api! and many other advantages (e..g. to upload images)
尤其是基于类的视图和可浏览的 api!以及许多其他优势(例如上传图片)
