WEBVTT

00:02.770 --> 00:08.830
We are now ready to start creating the views for our questions application and specifically in this

00:08.830 --> 00:15.780
lesson we're going to create a music class to use we the question model with creative use that by filing

00:15.880 --> 00:20.890
DARPA folder let's import the view sets.

00:21.010 --> 00:27.290
So from a rest framework import view sets.

00:27.460 --> 00:30.400
Then we need to import to the questions utilize it and model.

00:30.640 --> 00:38.830
So from questions that API dot the advisors import question utilize it.

00:38.860 --> 00:44.770
And from questions dot models import question.

00:45.040 --> 00:54.110
We can now create the question view set class up which extending view sets that model.

00:54.190 --> 01:01.900
You said we provide us the cloud the functionality for our request on model ready set equals question

01:02.050 --> 01:12.280
dot objects dot or look and as we said we want to use this lag field as a lookup field so look up field

01:12.430 --> 01:22.870
equals larger than you realize that plus equals question C analyzer and we're also going to need the

01:22.890 --> 01:23.800
permission class.

01:23.990 --> 01:28.210
So that only authors can delete or edit their questions.

01:28.310 --> 01:35.040
Remember that it's always very very important to place these kind of checksum at the server level.

01:35.120 --> 01:39.710
We can then of course design to use that experience around these kind of permissions.

01:39.710 --> 01:46.580
However it's important to have them here at the server level to be safer from a bad actors and malicious

01:46.580 --> 01:47.370
users.

01:47.390 --> 01:57.610
So I'm now going to define their permissions that by file and yeah first of all from a rest framework.

01:57.680 --> 02:13.150
Import permissions and then class is author or read only which extends permissions not base permission.

02:13.370 --> 02:23.540
And yeah let's define as object the permission with if request that method in permissions.

02:23.550 --> 02:28.730
The safe methods we're just going to return through.

02:28.970 --> 02:38.870
So we're going to check here by the return statement object the author equals request that the user

02:39.110 --> 02:41.150
which of course is only going to return it through.

02:41.210 --> 02:49.620
If this comparison is correct so let's import is often or only from questions.

02:49.690 --> 02:54.280
Does API the permissions input is off or added only.

02:54.460 --> 03:00.840
And I can also switch places with the questions that I set like so so permission.

03:00.970 --> 03:07.040
Class this equals is often already done.

03:07.520 --> 03:11.000
Now we also want the author to feel it to be added automatically.

03:11.000 --> 03:14.260
Basically we want the author fields to be request don't use it.

03:14.300 --> 03:17.760
Therefore we can override deeper form create method.

03:17.880 --> 03:25.520
Def form create self and see a nicer Indiana.

03:25.550 --> 03:35.540
We can do utilize the DOT save with author equals self not request not use it let's not create the end

03:35.540 --> 03:38.010
points for our model view said class.

03:38.330 --> 03:49.280
So in the API folder you address that by India from Django that you add as import include and parser.

03:49.700 --> 03:55.370
Then from the rest framework dot the routers

03:58.460 --> 04:07.940
import default router and then from questions note API import fields as Q V.

04:08.090 --> 04:13.930
So in it it's easier for us to access all the different views.

04:13.940 --> 04:26.650
Let's now define the router as default router and it lets now register router that register the questions

04:27.060 --> 04:30.530
and point we have question views.

04:30.560 --> 04:39.110
Q We know the question you've set and now you had a path that equals at least.

04:39.580 --> 04:46.520
We've passed the include router not your address.

04:46.600 --> 04:54.310
We now need to import is in debt main you are registered by file so you're just copy these two lines

04:54.850 --> 05:02.500
and let's paste them here and we're just going to include questions not API that you address before

05:02.500 --> 05:05.170
testing the new features that is one last thing that we need to do.

05:05.380 --> 05:14.900
So yeah from a rest framework that permissions import is authenticated and we need to add this to the

05:15.370 --> 05:17.230
permission classes.

05:17.430 --> 05:25.380
Let's now round the development server and let's test the new features and let's also move to Chrome.

05:25.380 --> 05:35.770
Let's go to API questions with the four slash at the end we get photo 1 notarized authentication credentials

05:35.800 --> 05:36.790
were not provided.

05:36.790 --> 05:45.280
So let's log into an example as admin and yeah of course we see our first question.

05:45.720 --> 05:47.500
Let's add another one.

05:48.100 --> 05:53.550
You like jazz music post it's created.

05:53.570 --> 06:00.440
And as you can see we have this lag created from the content plus the random string attached at the

06:00.440 --> 06:06.260
end so that if somebody creates a new question we have the same content.

06:06.260 --> 06:08.070
We still get a different lag.

06:08.210 --> 06:12.930
Let's now try to get the details of a single question.

06:13.200 --> 06:21.780
So I'm going to slash questions as large as larger and as you can see I can now update the question

06:22.710 --> 06:23.460
like So.

06:23.460 --> 06:27.100
But I can also delete it.

06:27.110 --> 06:33.980
Let's now go back to the question list and point and let's logout as I mean and let's log making as

06:34.460 --> 06:34.970
Roundup.

06:36.470 --> 06:43.470
Let's try to get the details from a question that we haven't created like so.

06:44.200 --> 06:49.770
And as you can see we can't retrieve the details of these things but we can't updated or deleted.