第八章完结，完成了商品详情页功能，实现了热卖商品接口，用户收藏接口，drf权限验证。

mtianyan · mtianyan · commit aee56a983923 · 2018-03-10T19:15:19.000+08:00
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/VueDjangoFrameWorkShop/settings.py b/VueDjangoFrameWorkShop/settings.py
@@ -162,13 +162,12 @@
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
         'rest_framework.authentication.BasicAuthentication',
-        'rest_framework.authentication.SessionAuthentication',
     )
 }
 
 # 与drf的jwt相关的设置
 JWT_AUTH = {
-    'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=20),
+    'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=3600),
     'JWT_AUTH_HEADER_PREFIX': 'Bearer',
 }
 
diff --git a/VueDjangoFrameWorkShop/urls.py b/VueDjangoFrameWorkShop/urls.py
@@ -22,6 +22,7 @@
 
 from VueDjangoFrameWorkShop.settings import MEDIA_ROOT
 from goods.views import GoodsListViewSet, CategoryViewset
+from user_operation.views import UserFavViewset
 from users.views import SmsCodeViewset, UserViewset
 # from goods.views import GoodsListView,
 # from goods.views_base import GoodsListView
@@ -46,6 +47,8 @@
 # 配置users的url
 router.register(r'users', UserViewset, base_name="users")
 
+# 配置用户收藏的url
+router.register(r'userfavs', UserFavViewset, base_name="userfavs")
 urlpatterns = [
     # path('admin/', admin.site.urls),
     path('xadmin/', xadmin.site.urls),
diff --git a/apps/goods/filters.py b/apps/goods/filters.py
@@ -26,7 +26,7 @@ def top_category_filter(self, queryset, name, value):
 
     class Meta:
         model = Goods
-        fields = ['pricemin', 'pricemax', 'name']
+        fields = ['pricemin', 'pricemax', 'name', 'is_hot']
         # fields = {
         #            'shop_price': ['gte','lte', 'icontains'],
         #            }
diff --git a/apps/goods/serializers.py b/apps/goods/serializers.py
@@ -2,7 +2,7 @@
 __author__ = 'mtianyan'
 __date__ = '2018/2/14 0014 16:44'
 
-from goods.models import Goods, GoodsCategory
+from goods.models import Goods, GoodsCategory, GoodsImage
 from rest_framework import serializers
 
 
@@ -12,8 +12,14 @@ class Meta:
         fields = "__all__"
 
 
+class GoodsImageSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = GoodsImage
+        fields = ("image",)
+
 class GoodsSerializer(serializers.ModelSerializer):
     category = CategorySerializer()
+    images = GoodsImageSerializer(many=True)
 
     class Meta:
         model = Goods
diff --git a/apps/goods/views.py b/apps/goods/views.py
@@ -32,9 +32,9 @@ class GoodsPagination(PageNumberPagination):
 # class GoodsListView(mixins.ListModelMixin, generics.GenericAPIView):
 # class GoodsListView(ListAPIView):
 # class GoodsListView(mixins.ListModelMixin, viewsets.GenericViewSet):
-class GoodsListViewSet(mixins.ListModelMixin, viewsets.GenericViewSet):
+class GoodsListViewSet(mixins.ListModelMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet):
     """
-    商品列表页，分页，搜索，过滤，排序
+    商品列表页，分页，搜索，过滤，排序,取某一个具体商品的详情
     """
 
     # queryset是一个属性
diff --git a/apps/user_operation/models.py b/apps/user_operation/models.py
@@ -3,6 +3,7 @@
 from goods.models import Goods
 from django.contrib.auth import get_user_model
 # Create your models here.
+
 User = get_user_model()
 
 
@@ -18,7 +19,7 @@ class Meta:
         verbose_name = '用户收藏'
         verbose_name_plural = verbose_name
 
-        #
+        # 多个字段作为一个联合唯一索引
         unique_together = ("user", "goods")
 
     def __str__(self):
diff --git a/apps/user_operation/serializers.py b/apps/user_operation/serializers.py
@@ -0,0 +1,27 @@
+# encoding: utf-8
+from rest_framework.validators import UniqueTogetherValidator
+
+__author__ = 'mtianyan'
+__date__ = '2018/3/10 0010 09:54'
+from rest_framework import serializers
+from user_operation.models import UserFav
+
+
+class UserFavSerializer(serializers.ModelSerializer):
+    user = serializers.HiddenField(
+        default=serializers.CurrentUserDefault()
+    )
+
+    class Meta:
+        model = UserFav
+
+        # 使用validate方式实现唯一联合
+        validators = [
+            UniqueTogetherValidator(
+                queryset=UserFav.objects.all(),
+                fields=('user', 'goods'),
+                message="已经收藏"
+            )
+        ]
+
+        fields = ("user", "goods", "id")
diff --git a/apps/user_operation/views.py b/apps/user_operation/views.py
@@ -1,3 +1,25 @@
 from django.shortcuts import render
-
+from rest_framework import viewsets
+from rest_framework import mixins
 # Create your views here.
+from user_operation.models import UserFav
+from user_operation.serializers import UserFavSerializer
+from rest_framework.permissions import IsAuthenticated
+from utils.permissions import IsOwnerOrReadOnly
+from rest_framework_jwt.authentication import JSONWebTokenAuthentication
+from rest_framework.authentication import SessionAuthentication
+
+
+class UserFavViewset(viewsets.GenericViewSet, mixins.ListModelMixin, mixins.CreateModelMixin, mixins.RetrieveModelMixin,
+                     mixins.DestroyModelMixin):
+    """
+    用户收藏功能
+    """
+    # queryset = UserFav.objects.all()
+    permission_classes = (IsAuthenticated, IsOwnerOrReadOnly)
+    serializer_class = UserFavSerializer
+    lookup_field = 'goods_id'
+    authentication_classes = (JSONWebTokenAuthentication, SessionAuthentication)
+
+    def get_queryset(self):
+        return UserFav.objects.filter(user=self.request.user)
diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py
@@ -0,0 +1,20 @@
+# encoding: utf-8
+__author__ = 'mtianyan'
+__date__ = '2018/3/10 0010 17:38'
+from rest_framework import permissions
+
+
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    """
+    Object-level permission to only allow owners of an object to edit it.
+    Assumes the model instance has an `owner` attribute.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request,
+        # so we'll always allow GET, HEAD or OPTIONS requests.
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        # Instance must have an attribute named `owner`.
+        return obj.user == request.user

Original file line number	Diff line number	Diff line change
`@@ -162,13 +162,12 @@`
`162`	`162`	`'DEFAULT_AUTHENTICATION_CLASSES': (`
`163`	`163`	`'rest_framework_jwt.authentication.JSONWebTokenAuthentication',`
`164`	`164`	`'rest_framework.authentication.BasicAuthentication',`
`165`		`- 'rest_framework.authentication.SessionAuthentication',`
`166`	`165`	`)`
`167`	`166`	`}`
`168`	`167`
`169`	`168`	`# 与drf的jwt相关的设置`
`170`	`169`	`JWT_AUTH = {`
`171`		`- 'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=20),`
	`170`	`+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(seconds=3600),`
`172`	`171`	`'JWT_AUTH_HEADER_PREFIX': 'Bearer',`
`173`	`172`	`}`
`174`	`173`