update
This commit is contained in:
@ -1,9 +1,10 @@
|
|||||||
# blog/urls.py
|
# blog/urls.py
|
||||||
|
|
||||||
from django.urls import path
|
from django.urls import path
|
||||||
from .views import PostListView, PostListCreateView
|
from .views import PostListView, PostListCreateView, PostDetailView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('posts/', PostListView.as_view(), name='post-list'),
|
path('posts/', PostListView.as_view(), name='post-list'),
|
||||||
path('create/', PostListCreateView.as_view(), name='post-list-create'),
|
path('create/', PostListCreateView.as_view(), name='post-list-create'),
|
||||||
|
path('posts/<int:pk>/', PostDetailView.as_view(), name='post-detail'),
|
||||||
]
|
]
|
||||||
|
|||||||
@ -1,25 +1,48 @@
|
|||||||
# blog/views.py
|
# blog/views.py
|
||||||
|
|
||||||
from rest_framework import generics, permissions
|
from rest_framework import generics, permissions
|
||||||
|
from rest_framework.exceptions import PermissionDenied
|
||||||
from .models import Post
|
from .models import Post
|
||||||
from .serializers import PostSerializer
|
from .serializers import PostSerializer
|
||||||
from .utils import verify_token_with_auth_server # ✅ 추가
|
from .utils import verify_token_with_auth_server
|
||||||
|
|
||||||
|
|
||||||
class PostListView(generics.ListAPIView):
|
class PostListView(generics.ListAPIView):
|
||||||
queryset = Post.objects.all().order_by('-created_at')
|
queryset = Post.objects.all().order_by('-created_at')
|
||||||
serializer_class = PostSerializer
|
serializer_class = PostSerializer
|
||||||
# permission_classes = [permissions.IsAuthenticated]
|
|
||||||
permission_classes = [permissions.AllowAny]
|
permission_classes = [permissions.AllowAny]
|
||||||
|
|
||||||
class PostListCreateView(generics.ListCreateAPIView):
|
class PostListCreateView(generics.ListCreateAPIView):
|
||||||
queryset = Post.objects.all().order_by('-created_at')
|
queryset = Post.objects.all().order_by('-created_at')
|
||||||
serializer_class = PostSerializer
|
serializer_class = PostSerializer
|
||||||
permission_classes = [permissions.IsAuthenticated]
|
permission_classes = [permissions.IsAuthenticated]
|
||||||
|
|
||||||
def perform_create(self, serializer):
|
def perform_create(self, serializer):
|
||||||
# ✅ 토큰 추출 및 유효성 2차 검증
|
token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
|
||||||
|
verify_token_with_auth_server(token)
|
||||||
|
serializer.save(author_name=self.request.user.username)
|
||||||
|
|
||||||
|
# ✅ 조회, 수정, 삭제 전부 처리
|
||||||
|
class PostDetailView(generics.RetrieveUpdateDestroyAPIView):
|
||||||
|
queryset = Post.objects.all()
|
||||||
|
serializer_class = PostSerializer
|
||||||
|
|
||||||
|
def get_permissions(self):
|
||||||
|
if self.request.method in ["PUT", "PATCH", "DELETE"]:
|
||||||
|
return [permissions.IsAuthenticated()]
|
||||||
|
return [permissions.AllowAny()]
|
||||||
|
|
||||||
|
def perform_update(self, serializer):
|
||||||
token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
|
token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
|
||||||
verify_token_with_auth_server(token)
|
verify_token_with_auth_server(token)
|
||||||
|
|
||||||
serializer.save(author_name=self.request.user.username)
|
if serializer.instance.author_name != self.request.user.username:
|
||||||
|
raise PermissionDenied("작성자만 수정할 수 있습니다.")
|
||||||
|
serializer.save()
|
||||||
|
|
||||||
|
def perform_destroy(self, instance):
|
||||||
|
token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
|
||||||
|
verify_token_with_auth_server(token)
|
||||||
|
|
||||||
|
if instance.author_name != self.request.user.username:
|
||||||
|
raise PermissionDenied("작성자만 삭제할 수 있습니다.")
|
||||||
|
instance.delete()
|
||||||
|
|||||||
Reference in New Issue
Block a user