设为首页收藏本站
开启辅助访问
RESTful API批量操作的实现 您所在的位置:网站首页 restFul删除请求怎么传参 RESTful API批量操作的实现

RESTful API批量操作的实现

2023-11-25 16:04| 来源: 网络整理| 查看: 265

要解决的问题

RESTful API对于批量操作存在一定的缺陷。例如资源的删除接口: DELETE /api/resourse// 如果我们要删除100条数据怎么搞?难道要调用100次接口吗? 比较容易想到的是下面两种方案:

用逗号分割放进url里:/api/resource/1,2,3... 将需要删除的资源的id放到请求体里面

对于方案1,由于浏览器对url的长度存在限制,如果操作的资源过多就无法实现。 对于方案2,这种处理方式存在一定的风险,因为根据RPC标准文档,DELETE的请求体在语义上没有意义,一些网关、代理、防火墙在收到DELETE请求后,会把请求的body直接剥离掉。

所以我参考https://www.npmjs.com/package/restful-api,将批量处理的操作名称和数据全部放到请求体里,统一使用POST请求发送:

POST /api/resource/batch/ Body: { "method": "create", "data": [ { "name": "Mr.Bean" }, { "name": "Chaplin" }, { "name": "Jim Carrey" } ] } POST /api/resource/batch/ Body: { "method": "update", "data": { "1": { "name": "Mr.Bean" }, "2": { "name": "Chaplin" } } } POST /api/resource/batch/ Body: { "method": "delete", "data": [1, 2, 3] }Python实现

环境:python==3.6.5, django==2.2, djangorestframework==3.9.4

在GenericViewSet中加入了一些自定义的分发逻辑,将相应的Batch View放在Mixin里实现可重用。

class BatchGenericViewSet(GenericViewSet): batch_method_names = ('create', 'update', 'delete') def batch_method_not_allowed(self, request, *args, **kwargs): method = request.batch_method raise exceptions.MethodNotAllowed(method, detail=f'Batch Method {method.upper()} not allowed.') def initialize_request(self, request, *args, **kwargs): request = super().initialize_request(request, *args, **kwargs) # 将batch_method从请求体中提取出来,方便后面使用  batch_method = request.data.get('method', None) if batch_method is not None: request.batch_method = batch_method.lower() else: request.batch_method = None return request def dispatch(self, request, *args, **kwargs):        self.args = args self.kwargs = kwargs request = self.initialize_request(request, *args, **kwargs) self.request = request self.headers = self.default_response_headers try: self.initial(request, *args, **kwargs) # 首先识别batch_method并进行分发 if request.batch_method in self.batch_method_names: method_name = 'batch_' + request.batch_method.lower() handler = getattr(self, method_name, self.batch_method_not_allowed) elif requesthod.lower() in self.http_method_names: handler = getattr(self, requesthod.lower(), self.http_method_not_allowed) else: handler = self.http_method_not_allowed response = handler(request, *args, **kwargs) except Exception as exc: response = self.handle_exception(exc) self.response = self.finalize_response(request, response, *args, **kwargs) return self.response

下面是Mixin,因为懒所以放在了一个里面:

class BatchMixin: def batch_create(self, request, *args, **kwargs): """ Create a batch of model instance request body like this: { "method": "create", "data": [ { "name": "Mr.Liu", "age": 27 }, { "name": "Chaplin", "age": 88 } ] } """ data = request.data.get('data', None) if not isinstance(data, list): raise exceptions.ValidationError({'data': 'Data must be a list.'}) serializer = self.get_serializer(data=data, many=True) serializer.is_valid(raise_exception=True) with transaction.atomic(): self.perform_create(serializer) headers = self.get_success_headers(serializer.data) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers) def batch_update(self, request, *args, **kwargs): """ Update a batch of model instance request body like this: { "method": "update", "data": { 1: { "name": "Mr.Liu" }, 2: { "name": "Jim Carrey" } } } """ data = request.data.get('data', None) if not isinstance(data, dict): raise exceptions.ValidationError({'data': 'Data must be a object.'}) ids = [int(id) for id in data] queryset = self.get_queryset().filter(id__in=ids) results = [] for obj in queryset: serializer = self.get_serializer(obj, data=data[str(obj.id)], partial=True) serializer.is_valid(raise_exception=True) with transaction.atomic(): self.perform_update(serializer) results.append(serializer.data) return Response(results) def batch_delete(self, request, *args, **kwargs): """ Delete a batch of model instance request body like this: { "method": "delete", "data": [1, 2] } """ data = request.data.get('data', None) if not isinstance(data, list): raise exceptions.ValidationError({'data': 'Data must be a list.'}) queryset = self.get_queryset().filter(id__in=data) with transaction.atomic(): self.perform_destroy(queryset) return Response(status=status.HTTP_204_NO_CONTENT)

这样实现对于restframework框架的ModelPermission权限判定会出现问题,因为所有请求都是通过POST实现的,默认情况下无法对Model的增、删、改权限进行有效的判断。稍微修改下DjangoModelPermissions就可以了:

class BatchModelPermissions(DjangoModelPermissions): batch_method_map = { 'create': 'POST', 'update': 'PATCH', 'delete': 'DELETE' } def has_permission(self, request, view): if getattr(view, '_ignore_model_permissions', False): return True if not request.user or ( not request.user.is_authenticated and self.authenticated_users_only): return False queryset = self._queryset(view) # 这里,这里 batch_method = getattr(request, 'batch_method', None) if batch_method is not None: perms = self.get_required_permissions(self.batch_method_map[batch_method], queryset.model) else: perms = self.get_required_permissions(requesthod, queryset.model) return request.user.has_perms(perms)

参考:https://www.npmjs.com/package/restful-api



【本文地址】

公司简介

联系我们

今日新闻

    推荐新闻

    专题文章
      CopyRight 2018-2019 实验室设备网 版权所有