WEBVTT

00:00.480 --> 00:04.480
So we're able to create post objects inside of the admin panel.

00:04.530 --> 00:06.180
But that's not very fun.

00:06.180 --> 00:11.640
The whole thing is that we're making this API so that someone on maybe a mobile application or a separate

00:11.640 --> 00:16.860
website, maybe a desktop app could be making these things and, you know, reading in data.

00:16.890 --> 00:22.140
So let's go ahead and make an API call so that we can create posts via the API.

00:22.740 --> 00:26.520
So in order to do this, let's go ahead and move back into our project.

00:27.180 --> 00:31.860
And if we go to our views.py, you're saying, OK, there's a ListAPIView.

00:31.950 --> 00:34.080
There's probably a CreateAPIView.

00:34.230 --> 00:34.690
And there is.

00:34.710 --> 00:39.330
And we could totally create a separate class and, you know, go ahead and do all of that.

00:39.330 --> 00:45.290
But the Django REST framework has these really nice combinations that happen.

00:45.300 --> 00:51.930
For example, when someone comes to the URL, let's go here, slash API slash posts.

00:52.380 --> 00:56.550
Well, if they just want to read what's there, they're going to do a GET request to that

00:56.550 --> 00:59.580
URL and that should list out all the post objects.

00:59.610 --> 01:05.760
But if someone wants to create a post, they should be able to POST to this URL and be able

01:05.760 --> 01:07.170
to make one of them.

01:07.890 --> 01:15.390
And so what we can do is come back to our views here and change this from just a ListAPIView to a

01:15.390 --> 01:18.300
ListCreateAPIView.

01:18.870 --> 01:24.360
And what this does, if we literally just do this one thing, if we go ahead and hit save here and

01:24.360 --> 01:26.460
come back to our API and reload.

01:27.060 --> 01:27.630
Look at this.

01:27.930 --> 01:29.700
We can now POST to this

01:29.700 --> 01:30.280
URL.

01:30.400 --> 01:33.270
And if we go ahead and scroll down here, this is so cool to me.

01:33.770 --> 01:37.740
There's a little form that allows us to add things into the database here.

01:37.740 --> 01:40.830
So, for example, I can go in, you know, pick something here.

01:41.660 --> 01:45.180
I'm going to say cool search engine.

01:45.300 --> 01:45.810
All right.

01:46.040 --> 01:48.690
And I can pass in a URL, going to do http

01:48.960 --> 01:53.460
colon slash slash duckduckgo dot com.

01:53.520 --> 01:56.070
And I can post this and look at this.

01:56.310 --> 01:58.650
This is now added into our database.

01:58.710 --> 02:04.860
If I go back to because, you know, once we've posted this, it comes back as a 201.

02:05.530 --> 02:08.310
And these are HTTP status codes.

02:08.340 --> 02:14.540
Now, if you want to go open a can of worms here, go look up HTTP status codes.

02:15.030 --> 02:17.640
And there is so much to dive into with this.

02:17.650 --> 02:20.790
There's a whole list of some if we go ahead and I just.

02:21.030 --> 02:21.570
Let's see.

02:21.630 --> 02:21.880
Yeah.

02:21.990 --> 02:25.140
These are all the different things that come back.

02:25.310 --> 02:31.830
And so something that's kind of cool here, if you've ever seen a 404 page, that's an HTTP number

02:31.830 --> 02:34.510
saying that, you know, something was not found.

02:34.530 --> 02:39.330
Usually that's when someone's put in a bad URL to a website or a website removed something that

02:39.330 --> 02:42.930
used to be something, then it'll give you a 404 to say, I don't know what you're looking for.

02:43.290 --> 02:45.010
There's all these different options here.

02:45.030 --> 02:47.550
So, for example, the standard one is 200.

02:47.670 --> 02:52.810
Anytime you visit a website, like when we visited this particular website, this REST API tutorial

02:52.810 --> 02:56.820
dot com, it came back to our browser as a 200

02:57.300 --> 03:01.140
OK HTTP request. Now for us,

03:01.170 --> 03:03.970
when we made an object, it came back as a 201.

03:03.990 --> 03:06.570
And you can see there's all sorts of different ones here.

03:07.020 --> 03:13.200
And you know, this is another great pro of the Django REST API is that it handles all of this for us.

03:13.530 --> 03:18.480
We did not have to write any code here to say, oh, if we successfully create go ahead and, you know,

03:18.630 --> 03:20.300
set it as a 201.

03:20.770 --> 03:22.650
Now, it just does that automatically.

03:22.680 --> 03:27.990
And if we come back to the browser here and we reload this URL because we're still just at the posts,

03:28.800 --> 03:31.920
it's now because we did a GET request instead of a POST.

03:31.950 --> 03:34.140
It gives us back the 200 and you can see.

03:34.440 --> 03:35.130
Look at this.

03:35.370 --> 03:38.790
We have all the different posts showing up here.

03:38.910 --> 03:40.440
This is so awesome.

03:41.730 --> 03:48.300
So at first this seems like we've done some really great work that, you know, hey, we were able to,

03:48.900 --> 03:49.890
you know, add things.

03:49.890 --> 03:50.700
This is really good.

03:50.700 --> 03:55.500
And we can do it either through this HTML form here or we can do raw data, which you can see

03:55.500 --> 03:56.580
it gets it started for us.

03:56.610 --> 04:01.660
This is like if someone was gonna be working with our API, they would be passing JSON like this.

04:01.680 --> 04:01.950
Right.

04:02.400 --> 04:04.230
So let's go and do another.

04:05.190 --> 04:09.930
I'm going to do the accurate search engine.

04:09.990 --> 04:11.470
I love DuckDuckGo.

04:13.110 --> 04:17.880
You know, it has a lot more privacy than Google, but Google is so much better at, you know, returning

04:17.880 --> 04:19.020
back what I'm looking for.

04:19.140 --> 04:24.990
So anyways, so, you know, I can add via the raw data here and, you know, post this.

04:25.020 --> 04:30.540
But notice, I don't have the poster set, if I say null here and I go ahead and try and post this.

04:31.020 --> 04:34.860
Well, I get this error back and it says this field may not be null.

04:34.860 --> 04:38.220
I have to provide something there and when you really think about it,

04:38.220 --> 04:43.860
when someone's submitting a post, they shouldn't be able to pick which user, you know, submitted that

04:43.860 --> 04:44.160
post.

04:44.190 --> 04:48.920
It should be only that user can, you know, should be able to do that.

04:48.930 --> 04:54.480
So how are we going to handle this as sort of, you know, a little bit detailed Dupont situation?

04:54.780 --> 04:56.820
How do we do this with the Django REST framework?

04:57.210 --> 04:59.550
Well, let's go back to Atom and work on a couple

04:59.670 --> 05:00.330
little things here.

05:00.780 --> 05:05.690
So the first thing that we need to do is we need to move over to our serializer.

05:06.190 --> 05:10.560
And we need to make it so that, you know, the different fields that we have here, that some of them

05:10.860 --> 05:13.230
are going to be a read-only field.

05:13.470 --> 05:16.920
So the way to set this is going to come back to the top here.

05:16.950 --> 05:20.730
And I'm going to say poster, which is one of our fields.

05:20.730 --> 05:20.940
Right.

05:21.000 --> 05:29.430
I'm gonna say poster is equal to serializers dot and I want ReadOnlyField.

05:29.810 --> 05:30.060
OK.

05:31.060 --> 05:35.520
Now, inside of here, we have to say where the data for this is going to come from.

05:35.850 --> 05:38.340
So we're going to say source is equal to.

05:38.850 --> 05:39.990
And then we pass in a string.

05:40.020 --> 05:44.110
And I'm going to have this be the poster dot username.

05:44.160 --> 05:47.280
I think that might be a good way to display that information.

05:47.350 --> 05:52.170
If we wanted to include the user's ID as well, we could totally do that.

05:52.170 --> 05:54.880
We could, you know, make a new line here.

05:54.880 --> 06:01.200
I'm going to copy what we have and make this poster underscore id and this will, you know, give

06:01.200 --> 06:02.720
back the poster ID.

06:02.820 --> 06:04.020
That could kind of be a cool thing.

06:04.020 --> 06:08.730
And now we can take this poster id and add this to one of the fields here.

06:08.730 --> 06:10.560
So I'm going to do poster id.

06:10.770 --> 06:11.280
Great.

06:12.030 --> 06:19.230
And now that we have this, if we go ahead and save what we've got and come back to our

06:19.230 --> 06:20.040
URL here.

06:20.070 --> 06:21.630
OK, let's reload the page.

06:21.660 --> 06:24.330
If we come down to the form, look at this.

06:24.640 --> 06:27.330
There's no longer an option to set the user.

06:27.840 --> 06:31.830
But this isn't really going to get us somewhere if I try and, you know, submit something here.

06:33.120 --> 06:37.200
Let's just, you know, do another Google dot com or whatever, we're gonna get an error.

06:37.290 --> 06:42.540
And it's basically saying, you know, hey, someone has to be the poster for this post.

06:42.600 --> 06:44.100
What, you know, what user is that?

06:44.580 --> 06:46.410
Well, let's go back to our code.

06:46.740 --> 06:48.420
Let's now move to our views.

06:48.720 --> 06:57.300
And inside of this class-based view, we can override a function where it's about to save whatever it

06:57.300 --> 06:59.060
is that we're putting into the database.

06:59.070 --> 07:00.540
In this case, it's post objects.

07:00.570 --> 07:06.540
But what we can do is name this def space perform

07:07.680 --> 07:12.270
create, and it's really important that this name is exact, it has to be perform_create, this is

07:12.270 --> 07:18.510
like a special name that is going to be called right before it's trying to save something into the database

07:19.020 --> 07:24.120
and the parameters that we're passing in are self and then also the serializer.

07:24.420 --> 07:27.510
So not serializers with an S, but just serializer.

07:28.770 --> 07:33.450
And what we're gonna do here is we're going to, typically what just happens if we didn't provide

07:33.450 --> 07:33.600
this,

07:33.600 --> 07:37.450
what happens by default is it just says serializer dot save.

07:37.470 --> 07:40.800
And remember, the serializer basically is holding a Django model.

07:41.340 --> 07:43.110
It's kind of that transition point for us.

07:43.140 --> 07:50.250
But what we can do here is say, hey, while you're doing this save, I want you to have poster be equal

07:50.250 --> 07:57.390
to whatever user made this request so we can go ahead and say self dot user dot.

07:58.050 --> 08:02.400
I did this wrong, self dot request dot user.

08:02.840 --> 08:03.140
OK.

08:03.750 --> 08:09.000
So this says any time I'm going to save a post object right before I do, I'm going to grab whatever

08:09.000 --> 08:12.960
user made this API call and I'm going to set that as the poster.

08:13.470 --> 08:19.170
So with this, now that we have this saved, let's go ahead and go back and reload this page.

08:20.250 --> 08:22.830
And still the same situation here.

08:22.830 --> 08:24.950
So I'm just going to call this one like, hello.

08:25.680 --> 08:28.740
We'll do our classic Google here.

08:29.010 --> 08:30.930
Post this and look at that.

08:31.140 --> 08:35.460
It's posted it and it's posted with the user zappycode.

08:35.490 --> 08:38.460
And look, there's that other additional thing that we added, the poster ID.

08:38.820 --> 08:39.150
OK.

08:39.690 --> 08:40.740
So isn't this great?

08:40.950 --> 08:45.270
Like, the thing that I love about the Django REST framework is that it's flexible enough that if we

08:45.270 --> 08:51.100
have some sort of special situation like, well, you know, I typically want the user to be entering

08:51.200 --> 08:52.320
in most fields.

08:52.320 --> 08:55.310
But for the poster, I want that just to be automatic.

08:55.320 --> 08:56.060
We can do that.

08:56.070 --> 09:00.840
We can make these little changes to have the API be exactly what we want.

09:01.380 --> 09:05.580
Now, there's one more thing that we've got to talk about, and that's that I'm signed in currently

09:05.610 --> 09:07.200
as the user zappycode.

09:08.010 --> 09:13.940
For example, if I go ahead and, you know, open up a separate browser here and I grab the same

09:13.980 --> 09:14.940
URL here.

09:15.450 --> 09:23.940
So here inside of Chrome, I'm going to, you know, go to the same place, if I try and add something

09:23.940 --> 09:24.390
here.

09:24.570 --> 09:25.000
Okay.

09:25.490 --> 09:28.530
To do like, let's do zappycode here.

09:28.560 --> 09:33.650
If I try and post, this is going to say, hey, valid URL.

09:33.720 --> 09:34.850
That was a valid URL.

09:34.860 --> 09:36.090
No, it was not.

09:36.330 --> 09:38.550
OK, try again, post.

09:38.910 --> 09:41.800
That's gonna say, hey, you know, you're an anonymous user.

09:41.820 --> 09:42.520
This doesn't work.

09:42.540 --> 09:45.090
So how do we prevent this situation?

09:45.510 --> 09:53.340
Well, if we go back to Atom here, we can specify inside one of these class-based views who has permission

09:53.340 --> 09:54.750
to be able to call this API.

09:54.780 --> 09:57.330
So if we go ahead and say permission

09:59.450 --> 10:00.110
underscore

10:00.150 --> 10:01.050
classes.

10:01.800 --> 10:05.400
We can set this equal to an array of different permission items here.

10:05.430 --> 10:09.570
But we're going to say permissions, which we've got to go ahead and import this.

10:09.590 --> 10:11.310
I'm going to come up to the top here.

10:11.340 --> 10:12.570
This comes from the REST framework.

10:12.610 --> 10:13.830
So we're just gonna do comma

10:14.790 --> 10:15.700
permissions.

10:17.010 --> 10:17.460
OK.

10:18.060 --> 10:25.590
And we're going to come back down here and say permissions dot capital Is capital Authenticated.

10:27.510 --> 10:30.260
OK, got to make sure we spell this right, OK.

10:30.760 --> 10:32.770
So I'm gonna go ahead and save this.

10:32.890 --> 10:40.930
So now when I come back on Chrome and I visit this, it's going to say, hey, you can't do anything

10:40.960 --> 10:42.450
because you're not a signed-in user.

10:42.460 --> 10:48.430
But here in Safari, where I am signed in, it says, hey, look, you know, you're able to

10:48.430 --> 10:48.760
do this.

10:48.760 --> 10:50.170
I'd be able to create something.

10:50.170 --> 10:50.590
I can view

10:50.590 --> 10:54.280
what's going on here, and this at first can seem like the right situation.

10:54.310 --> 10:59.680
But the problem is we want anybody, whether they have a user account or not, to be able to see the

10:59.680 --> 11:00.250
top posts.

11:00.280 --> 11:04.720
Just like when we went to Reddit dot com, we could see what all the top links were without creating

11:04.720 --> 11:05.350
a Reddit account.

11:05.710 --> 11:07.060
I think this URL,

11:07.480 --> 11:11.380
if someone visits it with the API, we should be able to see all the different posts.

11:11.680 --> 11:14.810
So how do we make it so that, OK, if someone does a GET request, it's OK.

11:14.880 --> 11:16.360
But if they do a POST, it's not.

11:16.930 --> 11:24.100
Well, again, the flexibility with this Django REST framework, I can say Is Authenticated Or

11:25.030 --> 11:26.310
Read Only.

11:26.620 --> 11:32.260
So when I do this and hit save, you'll notice now in Chrome when I reload the page.

11:32.410 --> 11:36.080
Oh, I can read the information here, but I can't post anything.

11:36.100 --> 11:37.810
That option is not there.

11:37.810 --> 11:45.820
But where I am signed in as the zappycode user, I can still see the information and post new data.

11:47.380 --> 11:50.350
So I hope you're starting to feel the magic here.

11:51.160 --> 11:52.630
This is really fun building.

11:52.630 --> 11:59.110
Now, this API, we're already at a nice point where we can, you know, post posts, create post objects

11:59.170 --> 12:00.370
and we can list them out.

12:00.940 --> 12:06.940
The next step for us is to say, OK, well, you know, how now do we vote for different things?

12:06.940 --> 12:08.740
So let's talk about that in the next lecture.