winner245
diff --git a/‎tutorial4/db.sqlite3
0 Bytes b/‎tutorial4/db.sqlite3
0 Bytes
diff --git a/‎tutorial5/db.sqlite3
48 KB b/‎tutorial5/db.sqlite3
48 KB
diff --git a/‎tutorial5/snippets/__pycache__/serializers.cpython-39.pyc
120 Bytes b/‎tutorial5/snippets/__pycache__/serializers.cpython-39.pyc
120 Bytes
diff --git a/‎tutorial5/snippets/__pycache__/urls.cpython-39.pyc
189 Bytes b/‎tutorial5/snippets/__pycache__/urls.cpython-39.pyc
189 Bytes
diff --git a/‎tutorial5/snippets/__pycache__/views.cpython-39.pyc
891 Bytes b/‎tutorial5/snippets/__pycache__/views.cpython-39.pyc
891 Bytes
diff --git a/‎tutorial5/snippets/serializers.py
+11-6 b/‎tutorial5/snippets/serializers.py
+11-6
diff --git a/‎tutorial5/snippets/urls.py
+6-4 b/‎tutorial5/snippets/urls.py
+6-4
diff --git a/‎tutorial5/snippets/views.py
+24-3 b/‎tutorial5/snippets/views.py
+24-3
@@ -28,20 +28,25 @@
 #         instance.style = validated_data.get('style', instance.style)
 #         instance.save()
 #         return instance
+ 
 
-
-class SnippetSerializer(serializers.ModelSerializer):
-    # why do we need to explicitly specify here whilde Snippet model alreayd has this field?
+class SnippetSerializer(serializers.HyperlinkedModelSerializer):
+    # why do we need to explicitly specify the owner filed here while Snippet model already has this field?
+    # Because the owner field stored in the snippet model is a FK, which is an ID. But we need the username of the owner. 
     owner = serializers.ReadOnlyField(source='owner.username')  
 
+    # The highlight field in the snippet model is the entire HTML content, but here we just need its url.
+    highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html') 
+    
     class Meta:
         model = Snippet
-        fields = ['id', 'owner', 'title', 'code', 'linenos', 'language', 'style']
+        fields = ['url', 'id', 'owner', 'highlight', 'title', 'code', 'linenos', 'language', 'style']
 
 
-class UserSerializer(serializers.ModelSerializer):
+class UserSerializer(serializers.HyperlinkedModelSerializer):
     # 对于 model 中不存在的 field，需要额外指定
-    snippets = serializers.PrimaryKeyRelatedField(many=True, queryset=Snippet.objects.all())
+    #snippets = serializers.PrimaryKeyRelatedField(many=True, queryset=Snippet.objects.all())
+    snippets = serializers.HyperlinkedRelatedField(many=True, view_name='snippet-detail', read_only=True)
 
     class Meta:
         model = User
 
@@ -4,10 +4,12 @@
 from snippets.serializers import UserSerializer
 
 urlpatterns = [
-    path('snippets/', views.SnippetList.as_view()),    # When we use class-based view, we need to call as_view() to get the view form class
-    path('snippets/<int:pk>/', views.SnippetDetail.as_view()),
-    path('users/', views.UserList.as_view()), 
-    path('users/<int:pk>/', views.UserDetail.as_view()),
+    path('', views.api_root),
+    path('snippets/', views.SnippetList.as_view(), name='snippet-list'),    # When we use class-based view, we need to call as_view() to get the view form class
+    path('snippets/<int:pk>/', views.SnippetDetail.as_view(), name='snippet-detail'),
+    path('snippets/<int:pk>/highlight/', views.SnippetHighlight.as_view(), name='snippet-highlight'),
+    path('users/', views.UserList.as_view(), name='user-list'), 
+    path('users/<int:pk>/', views.UserDetail.as_view(), name='user-detail'),
 ]
 
 
 
@@ -1,10 +1,20 @@
 from django.contrib.auth.models import User
 from snippets.models import Snippet
 from snippets.serializers import SnippetSerializer, UserSerializer
-from rest_framework import generics, permissions
+from rest_framework import generics, permissions, renderers
+from rest_framework.decorators import api_view
+from rest_framework.response import Response
+from rest_framework.reverse import reverse
 from .permissions import IsOwnerOrReadOnly
 
 
+@api_view(['GET'])
+def api_root(request, format=None):
+    return Response({
+        'users': reverse('user-list', request=request, format=format),
+        'snippets': reverse('snippet-list', request=request, format=format)
+    }) 
+
 class SnippetList(generics.ListCreateAPIView):
     queryset = Snippet.objects.all()
     serializer_class = SnippetSerializer
@@ -19,13 +29,24 @@ def perform_create(self, serializer):
 class SnippetDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Snippet.objects.all()
     serializer_class = SnippetSerializer
-    permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]
-    
+    permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]  # IsOwnerOrReadOnly: custom object-level permission
 
+
+class SnippetHighlight(generics.GenericAPIView):
+    queryset = Snippet.objects.all()
+    renderer_classes = [renderers.StaticHTMLRenderer]
+
+    def get(self, request, *args, **kwargs):
+        snippet = self.get_object()
+        return Response(snippet.highlighted)
+
+
 class UserList(generics.ListAPIView): 
     queryset = User.objects.all() 
     serializer_class = UserSerializer
+    permission_classes = [permissions.IsAdminUser]
 
 class UserDetail(generics.RetrieveAPIView): 
     queryset = User.objects.all() 
     serializer_class = UserSerializer
+    permission_classes = [permissions.IsAdminUser]