RESTful API批量操做的實現
要解決的問題
RESTful API對於批量操做存在必定的缺陷。例如資源的刪除接口:
DELETE /api/resourse/<id>/
若是咱們要刪除100條數據怎麼搞?難道要調用100次接口嗎?
比較容易想到的是下面兩種方案:python
- 用逗號分割放進url裏:
/api/resource/1,2,3... - 將須要刪除的資源的id放到請求體裏面
對於方案1,因爲瀏覽器對url的長度存在限制,若是操做的資源過多就沒法實現。
對於方案2,這種處理方式存在必定的風險,由於根據RPC標準文檔,DELETE的請求體在語義上沒有意義,一些網關、代理、防火牆在收到DELETE請求後,會把請求的body直接剝離掉。npm
因此我參考https://www.npmjs.com/package/restful-api,將批量處理的操做名稱和數據所有放到請求體裏,統一使用POST請求發送:django
POST /api/resource/batch/
Body: {
"method": "create",
"data": [ { "name": "Mr.Bean" }, { "name": "Chaplin" }, { "name": "Jim Carrey" } ]
}
POST /api/resource/batch/
Body: {
"method": "update",
"data": { "1": { "name": "Mr.Bean" }, "2": { "name": "Chaplin" } }
}
POST /api/resource/batch/
Body: {
"method": "delete",
"data": [1, 2, 3]
}
Python實現
環境:python==3.6.5, django==2.2, djangorestframework==3.9.4api
在GenericViewSet中加入了一些自定義的分發邏輯,將相應的Batch View放在Mixin裏實現可重用。瀏覽器
class BatchGenericViewSet(GenericViewSet):
batch_method_names = ('create', 'update', 'delete')
def batch_method_not_allowed(self, request, *args, **kwargs):
method = request.batch_method
raise exceptions.MethodNotAllowed(method, detail=f'Batch Method {method.upper()} not allowed.')
def initialize_request(self, request, *args, **kwargs):
request = super().initialize_request(request, *args, **kwargs)
# 將batch_method從請求體中提取出來,方便後面使用
batch_method = request.data.get('method', None)
if batch_method is not None:
request.batch_method = batch_method.lower()
else:
request.batch_method = None
return request
def dispatch(self, request, *args, **kwargs):
self.args = args
self.kwargs = kwargs
request = self.initialize_request(request, *args, **kwargs)
self.request = request
self.headers = self.default_response_headers
try:
self.initial(request, *args, **kwargs)
# 首先識別batch_method並進行分發
if request.batch_method in self.batch_method_names:
method_name = 'batch_' + request.batch_method.lower()
handler = getattr(self, method_name, self.batch_method_not_allowed)
elif request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
response = handler(request, *args, **kwargs)
except Exception as exc:
response = self.handle_exception(exc)
self.response = self.finalize_response(request, response, *args, **kwargs)
return self.response
下面是Mixin,由於懶因此放在了一個裏面:restful
class BatchMixin:
def batch_create(self, request, *args, **kwargs):
"""
Create a batch of model instance
request body like this:
{
"method": "create",
"data": [
{
"name": "Mr.Liu",
"age": 27
},
{
"name": "Chaplin",
"age": 88
}
]
}
"""
data = request.data.get('data', None)
if not isinstance(data, list):
raise exceptions.ValidationError({'data': 'Data must be a list.'})
serializer = self.get_serializer(data=data, many=True)
serializer.is_valid(raise_exception=True)
with transaction.atomic():
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def batch_update(self, request, *args, **kwargs):
"""
Update a batch of model instance
request body like this:
{
"method": "update",
"data": {
1: { "name": "Mr.Liu" },
2: { "name": "Jim Carrey" }
}
}
"""
data = request.data.get('data', None)
if not isinstance(data, dict):
raise exceptions.ValidationError({'data': 'Data must be a object.'})
ids = [int(id) for id in data]
queryset = self.get_queryset().filter(id__in=ids)
results = []
for obj in queryset:
serializer = self.get_serializer(obj, data=data[str(obj.id)], partial=True)
serializer.is_valid(raise_exception=True)
with transaction.atomic():
self.perform_update(serializer)
results.append(serializer.data)
return Response(results)
def batch_delete(self, request, *args, **kwargs):
"""
Delete a batch of model instance
request body like this:
{
"method": "delete",
"data": [1, 2]
}
"""
data = request.data.get('data', None)
if not isinstance(data, list):
raise exceptions.ValidationError({'data': 'Data must be a list.'})
queryset = self.get_queryset().filter(id__in=data)
with transaction.atomic():
self.perform_destroy(queryset)
return Response(status=status.HTTP_204_NO_CONTENT)
這樣實現對於restframework框架的ModelPermission權限斷定會出現問題,由於全部請求都是經過POST實現的,默認狀況下沒法對Model的增、刪、改權限進行有效的判斷。稍微修改下DjangoModelPermissions就能夠了:app
class BatchModelPermissions(DjangoModelPermissions):
batch_method_map = {
'create': 'POST',
'update': 'PATCH',
'delete': 'DELETE'
}
def has_permission(self, request, view):
if getattr(view, '_ignore_model_permissions', False):
return True
if not request.user or (
not request.user.is_authenticated and self.authenticated_users_only):
return False
queryset = self._queryset(view)
# 這裏,這裏
batch_method = getattr(request, 'batch_method', None)
if batch_method is not None:
perms = self.get_required_permissions(self.batch_method_map[batch_method], queryset.model)
else:
perms = self.get_required_permissions(request.method, queryset.model)
return request.user.has_perms(perms)
相關文章
- 1. ES18-JAVA API 批量操做
- 2. ElasticSearch 使用Bulk API 實現批量操做
- 3. Vue實現複選框,批量操做
- 4. shell 實現批量操做redis
- 5. Mybatis實現批量刪除操做
- 6. MyBatis 批量操做實現原理
- 7. ElasticSearch實戰 (二)CRUD以及bulk批量操做 api
- 8. java api 批量數據庫操做
- 9. Django ORM 中的批量操做 Django ORM 中的批量操做
- 10. Flask實現RESTful API
- 更多相關文章...
- • 現實生活中的 XML - XML 教程
- • PHP RESTful - PHP參考手冊
- • ☆基於Java Instrument的Agent實現
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
