Building RESTful Python Web Services Chapter 3

Chapter 3: Improving and Adding Authentication to an API With Django

Adding unique constraints to the models

The author introduces the unique=True keyword/phrase.  This allows Django to add the unique constraint to the database table.  He also goes over how to run migrations one more time.  We then test the code, and voilà, it just works.  I was personally glad for the rerun of the makemigrations and migrate commands.  I've been using it for a while now, so it wasn't really helpful, but I can remember, in the beginning, having to rack my brain for the correct commands to run to alter the database.

Updating a single field for a resource with the PATCH method

This is a very quick section on, you guessed it, the PATCH method.  Very simple and straightforward to use.  I am still a little confused on how all this works.  I think the author could have done a better job explaining the secret sauce in the rest_framework.  Some self-study is required at this point in the book.

Taking advantage of pagination

This is a really great little section on the power of Django, and the rest_framework.  By adding a few lines of code in your settings, you can start with an arbitrary limit of options to return.  And by adding a few lines to your JSON input, you can mix and match results to get the whole listing from the database, thereby making your life much easier if you need to use the API in some other place.

Customizing pagination classes

The author uses this section to override the pagination class with an upper limit on the number of results that can be returned.  While he is using the pagination class as an example, this shows how easy it is to override a class in not only Django, but also Python.

One caveat: make sure you pay attention to the changes in the settings.py file.  I didn't, and I kept getting an import error.  A simple mistake to make.  I think the author should have highlighted the changes as he has done in previous sections.  That would have made it much easier to keep track of.  Again, I highly recommend typing the changes, and not just copying and pasting them from the downloaded code.

Understanding authentication, permissions, and throttling

This section does exactly as intended.  It explains the three ways we can use authentication in Django.  The author then goes on to explain what permissions and throttling we will implement in the next section.

Adding security-related data to the models

Again, we go over the models and serializers.

Creating a customized permission class for object-level permissions

We finally begin to add the permissions.  A function is defined that allows only (GET, HEAD, OPTIONS) for a user who is not the owner of the resource in question.
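
The rule described above, as an added example that is not code from the book or from this post: a permission class with the same has_object_permission(request, view, obj) hook that Django REST framework's BasePermission defines, written without importing the framework so it runs on its own.  The owner field name, the sample users and the sample game are assumptions constructed for the illustration.

```python
from types import SimpleNamespace

# Same tuple Django REST framework exposes as permissions.SAFE_METHODS.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class IsOwnerOrReadOnly:
    """Object-level rule: anyone may read, only the owner may write.

    In a project this would subclass rest_framework.permissions.BasePermission;
    it is kept framework-free here so the decisions can be checked offline.
    """

    def has_object_permission(self, request, view, obj):
        if request.method in SAFE_METHODS:
            return True
        user = request.user
        # Fail closed: an unauthenticated caller never gets write access,
        # even when the object's owner field is unexpectedly empty.
        if user is None or not getattr(user, "is_authenticated", False):
            return False
        # 'owner' is an assumed field name on the model.
        return obj.owner is not None and obj.owner == user


def decisions(obj, users, methods=("GET", "HEAD", "OPTIONS", "PATCH", "PUT", "DELETE")):
    """Return {(username, method): allowed} for constructed requests."""
    perm = IsOwnerOrReadOnly()
    table = {}
    for name, user in users.items():
        for method in methods:
            request = SimpleNamespace(method=method, user=user)
            table[(name, method)] = perm.has_object_permission(request, None, obj)
    return table


# Constructed sample data: two accounts, an anonymous caller, one game.
alice = SimpleNamespace(username="alice", is_authenticated=True)
bob = SimpleNamespace(username="bob", is_authenticated=True)
anonymous = SimpleNamespace(username="", is_authenticated=False)
game = SimpleNamespace(name="Sample Game", owner=alice)
USERS = {"alice": alice, "bob": bob, "anonymous": anonymous}

if __name__ == "__main__":
    for (name, method), allowed in decisions(game, USERS).items():
        print(f"{name:10} {method:7} {'allow' if allowed else 'deny'}")
```

Django REST framework's generic views run this hook only when get_object() is called (or when a custom view calls check_object_permissions() itself), so list endpoints are not filtered by it.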

Persisting the user that makes a request

Simple changes to save the creator of a game to the database.  Not a lot of new code in this section.

Configuring permission policies

In this part we implement our new classes to add permission to our views.

Setting a default value for a new required field in migrations

Here we learn more about Django's ability to add columns to the database without losing any previous data we might have already stored.  We are also introduced to the Python shell in Django.

Composing requests with the necessary authentication

We begin to "test" our code with requests and see how our auth is working.  This was my biggest complaint with the book.  I feel that testing should have been the start of the project, not the end.  We do eventually get to writing unit tests in the next chapter.

Browsing our API with authentication credentials

Another quick section on how to see if our authentication is working, only this time in the browser. 

 

 
