update
		@ -1,9 +1,10 @@
# blog/urls.py
from django.urls import path
from .views import PostListView, PostListCreateView
from .views import PostListView, PostListCreateView, PostDetailView
urlpatterns = [
    path('posts/', PostListView.as_view(), name='post-list'),
    path('create/', PostListCreateView.as_view(), name='post-list-create'),
    path('posts/<int:pk>/', PostDetailView.as_view(), name='post-detail'),
]
@ -1,15 +1,14 @@
# blog/views.py
from rest_framework import generics, permissions
from rest_framework.exceptions import PermissionDenied
from .models import Post
from .serializers import PostSerializer
from .utils import verify_token_with_auth_server  # ✅ 추가
from .utils import verify_token_with_auth_server
class PostListView(generics.ListAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    # permission_classes = [permissions.IsAuthenticated]
    permission_classes = [permissions.AllowAny]
class PostListCreateView(generics.ListCreateAPIView):
@ -18,8 +17,32 @@ class PostListCreateView(generics.ListCreateAPIView):
    permission_classes = [permissions.IsAuthenticated]
    def perform_create(self, serializer):
        # ✅ 토큰 추출 및 유효성 2차 검증
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)
        serializer.save(author_name=self.request.user.username)
# ✅ 조회, 수정, 삭제 전부 처리
class PostDetailView(generics.RetrieveUpdateDestroyAPIView):
    queryset = Post.objects.all()
    serializer_class = PostSerializer
    def get_permissions(self):
        if self.request.method in ["PUT", "PATCH", "DELETE"]:
            return [permissions.IsAuthenticated()]
        return [permissions.AllowAny()]
    def perform_update(self, serializer):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)
        serializer.save(author_name=self.request.user.username)
        if serializer.instance.author_name != self.request.user.username:
            raise PermissionDenied("작성자만 수정할 수 있습니다.")
        serializer.save()
    def perform_destroy(self, instance):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)
        if instance.author_name != self.request.user.username:
            raise PermissionDenied("작성자만 삭제할 수 있습니다.")
        instance.delete()
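Review bot: In `perform_update` the call `serializer.save(author_name=self.request.user.username)` runs before the author check, so by the time `serializer.instance.author_name != self.request.user.username` is evaluated the update has already been written and `author_name` has been overwritten with the caller's username; the check can then never fail, and any authenticated user can edit another user's post and take over its authorship. The comparison should be made against the stored object before anything is saved: delete that first save so the `if serializer.instance.author_name != self.request.user.username:` guard comes directly after the token check and is followed by the single `serializer.save()`, mirroring the order `perform_destroy` already uses. Separately, the result of `verify_token_with_auth_server(token)` is discarded at all three call sites; its body is not shown on this page, so if it returns a status rather than raising, the second verification has no effect. The rendered page has lost its +/- markers, so this assumes both save calls are on the new side of the hunk.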