RESTful API批量操作的实现
程序员文章站
2022-12-26 12:52:55
要解决的问题 RESTful API对于批量操作存在一定的缺陷。例如资源的删除接口: 如果我们要删除100条数据怎么搞?难道要调用100次接口吗? 比较容易想到的是下面两种方案: 1. 用逗号分割放进url里: 2. 将需要删除的资源的id放到请求体里面 对于方案1,由于浏览器对url的长度存在限制 ......
要解决的问题
restful api对于批量操作存在一定的缺陷。例如资源的删除接口:delete /api/resourse/<id>/
如果我们要删除100条数据怎么搞?难道要调用100次接口吗?
比较容易想到的是下面两种方案:
- 用逗号分割放进url里:
/api/resource/1,2,3...
- 将需要删除的资源的id放到请求体里面
对于方案1,由于浏览器对url的长度存在限制,如果操作的资源过多就无法实现。
对于方案2,这种处理方式存在一定的风险,因为根据rpc标准文档,delete
的请求体在语义上没有意义,一些网关、代理、防火墙在收到delete
请求后,会把请求的body直接剥离掉。
所以我参考,将批量处理的操作名称和数据全部放到请求体里,统一使用post
请求发送:
post /api/resource/batch/ body: { "method": "create", "data": [ { "name": "mr.bean" }, { "name": "chaplin" }, { "name": "jim carrey" } ] } post /api/resource/batch/ body: { "method": "update", "data": { "1": { "name": "mr.bean" }, "2": { "name": "chaplin" } } } post /api/resource/batch/ body: { "method": "delete", "data": [1, 2, 3] }
python实现
环境:python==3.6.5, django==2.2, djangorestframework==3.9.4
在genericviewset
中加入了一些自定义的分发逻辑,将相应的batch view
放在mixin里实现可重用。
class batchgenericviewset(genericviewset): batch_method_names = ('create', 'update', 'delete') def batch_method_not_allowed(self, request, *args, **kwargs): method = request.batch_method raise exceptions.methodnotallowed(method, detail=f'batch method {method.upper()} not allowed.') def initialize_request(self, request, *args, **kwargs): request = super().initialize_request(request, *args, **kwargs) # 将batch_method从请求体中提取出来,方便后面使用 batch_method = request.data.get('method', none) if batch_method is not none: request.batch_method = batch_method.lower() else: request.batch_method = none return request def dispatch(self, request, *args, **kwargs): self.args = args self.kwargs = kwargs request = self.initialize_request(request, *args, **kwargs) self.request = request self.headers = self.default_response_headers try: self.initial(request, *args, **kwargs) # 首先识别batch_method并进行分发 if request.batch_method in self.batch_method_names: method_name = 'batch_' + request.batch_method.lower() handler = getattr(self, method_name, self.batch_method_not_allowed) elif request.method.lower() in self.http_method_names: handler = getattr(self, request.method.lower(), self.http_method_not_allowed) else: handler = self.http_method_not_allowed response = handler(request, *args, **kwargs) except exception as exc: response = self.handle_exception(exc) self.response = self.finalize_response(request, response, *args, **kwargs) return self.response
下面是mixin,因为懒所以放在了一个里面:
class batchmixin: def batch_create(self, request, *args, **kwargs): """ create a batch of model instance request body like this: { "method": "create", "data": [ { "name": "mr.liu", "age": 27 }, { "name": "chaplin", "age": 88 } ] } """ data = request.data.get('data', none) if not isinstance(data, list): raise exceptions.validationerror({'data': 'data must be a list.'}) serializer = self.get_serializer(data=data, many=true) serializer.is_valid(raise_exception=true) with transaction.atomic(): self.perform_create(serializer) headers = self.get_success_headers(serializer.data) return response(serializer.data, status=status.http_201_created, headers=headers) def batch_update(self, request, *args, **kwargs): """ update a batch of model instance request body like this: { "method": "update", "data": { 1: { "name": "mr.liu" }, 2: { "name": "jim carrey" } } } """ data = request.data.get('data', none) if not isinstance(data, dict): raise exceptions.validationerror({'data': 'data must be a object.'}) ids = [int(id) for id in data] queryset = self.get_queryset().filter(id__in=ids) results = [] for obj in queryset: serializer = self.get_serializer(obj, data=data[str(obj.id)], partial=true) serializer.is_valid(raise_exception=true) with transaction.atomic(): self.perform_update(serializer) results.append(serializer.data) return response(results) def batch_delete(self, request, *args, **kwargs): """ delete a batch of model instance request body like this: { "method": "delete", "data": [1, 2] } """ data = request.data.get('data', none) if not isinstance(data, list): raise exceptions.validationerror({'data': 'data must be a list.'}) queryset = self.get_queryset().filter(id__in=data) with transaction.atomic(): self.perform_destroy(queryset) return response(status=status.http_204_no_content)
这样实现对于restframework框架的modelpermission
权限判定会出现问题,因为所有请求都是通过post
实现的,默认情况下无法对model
的增、删、改权限进行有效的判断。稍微修改下djangomodelpermissions
就可以了:
class batchmodelpermissions(djangomodelpermissions): batch_method_map = { 'create': 'post', 'update': 'patch', 'delete': 'delete' } def has_permission(self, request, view): if getattr(view, '_ignore_model_permissions', false): return true if not request.user or ( not request.user.is_authenticated and self.authenticated_users_only): return false queryset = self._queryset(view) # 这里,这里 batch_method = getattr(request, 'batch_method', none) if batch_method is not none: perms = self.get_required_permissions(self.batch_method_map[batch_method], queryset.model) else: perms = self.get_required_permissions(request.method, queryset.model) return request.user.has_perms(perms)
参考:
下一篇: 学习RadonDB源码(一)