#Django Queries

Hi,

I need ideas on how to handle this logic. I have 2 models: Albums and Photos. The Photos model is related to the Albums model by a ForeignKey. Now, it could happen that I have multiple albums and multiples photos in each Album. How can I define this in the views such that only photos in each album is displayed rather than all photos in all albums? I am a bit confused on how to go about it. Thanks.

PS: This is in Django

The url should identify which album to use via a URL parameter. Check out the docs on url dispatching.

Once you're passing that album identifier (can be ID, a slug or some other unique characteristic), you can now filter the photos by that album.

The official django tutorial covers something similar I think.

@thorny niche I didn't understand what you need?

{
  album1: [photo1, photo2],
  album2: [photo3, photo4]
}

did you find it out

I need a view that only displays photos one album at a time, not all photos in all albums. What I mean is once a visitor clicks on an album, the photos in it should be on display.

Not the solution.

like Tim said, you pass the album id/slug parameter in url

do you have a separate frontend or you use django templates?

def get_album_photos(request, id):
  photos = Photo.objects.filter(album__id=id)
  ... get whatever you need

# urls

path("albums/<int:id>/photos/", get_album_photos)

something like this

https://docs.djangoproject.com/en/4.1/intro/tutorial04/ this part of the tutorial shows how you can show results and votes for a particular question. An album in your data model is the equivalent to a question in the tutorial's example.

I have separate frontend.

the same logic applies

make an api call with album id/slug

then get photos for that album

which is what Tim said, why do you say not the solution?

I think the solution should be strictly in the views...

Okay. I will look at your response again and read the article too.

this is a view?

Looks like it. Can this be used in APIView in Django REST framework?

class AlbumsView(APIView):
  def get(self, request):
    albums = Album.objects.all()
    serializer = YourAlbumSerializer
    return Response(serializer.data)


class AlbumsPhotosView(APIView):
  def get(self, request, album_id=None):
    photos = Photo.objects.filter(album__id=album_id)
    serializer = YourPhotosSerializer
    return Response(serializer.data)

class based view or function, doesnt matter

Ah! This seems right. Thanks a lot.

Okay. One more thing please...how would permission be handled in this view such that only authenticated users can perform CRUD operations on albums and photos, and unauthenticated users can only read...?

you are using DRF right?

from rest_framework.permissions import IsAuthenticated, DjangoModelPermissions

class YourView(...):
  permission_classes = [IsAuthenticated, DjangoModelPermissions, your, other, permissions]

https://www.django-rest-framework.org/api-guide/permissions/#djangomodelpermissions

using DjangoModelPermissions will use django's built in crud permissions for lookup

Yes, I am.

if most of your site requires authentication, it's always better to set base permission to IsAuthenticated in your settings

And thank you for the resource.

then you just use AllowAny permission on the views that doesn't require authentication

Okay.

If I set base authentication to IsAuthenticated, does this mean I wouldn't need to explicitly state it in the views and then for views that do not require permissions, I can explicitly use AllowAny?

yes

https://www.django-rest-framework.org/api-guide/settings/#default_permission_classes

here

Okay. which authentication framework or library would you suggestion? I tried Djoser but I do not understand how it works. Plus, I also need to use Djoser alongside a token authentication like JWT. How can I combine both?

Okay. Thank you so much.

if you want to implement social auth in future

i think it was django-allauth?

better look it up, can't say for sure

Alright then. I will.

In reference to this, in the same vein, if I want to define a post request, I would define it where I want to under the APIView?

yes, you define request methods under the class based view @thorny niche

post/get/patch/put/delete..

look at GenericAPIView if you are working with models in a view (this is the case most of the time)

Which means if I wish to perform these operations, I have to define each of the 4 operations in the views?

yes, otherwise you will get method not allowed error

Does it allow for custom definition of the operations as well?

yes, but it will ask you to set get_queryset method

You have explained better than even the documentation. It's clear to me. Thank you.

or queryset attribute for the class

Hmm...Okay. I will look it up if that's the case.

https://www.django-rest-framework.org/api-guide/generic-views/#generic-views better look here about generic views, I personally always use GenericView and define post/patch/delete/get methods but maybe you don't have to do that

I really appreciate the time you have taken, but I have one more question as regards serializers. I read that they are a sort of replacement for forms in DRF. This means we will need to process the serializer when we want to use it in a view?

@thorny niche I would say yes and no. Serializer basically serializes your data json to python and vice-versa. But obviously it has many benefits like validation, custom validation, custom crud operations, representation of nested relations etc etc

but also comes with drawbacks

Hmmm....would you say the drawbacks should make one avoid using them? A friend mentioned that serializers aren't very efficient and should be avoided or something. Didn't give an alternative so I didn't believe him.

yes when you have 100 rows, 1000 rows of data, it seems all fine. when you have lots of data you start to notice the drawbacks (slow)

there are ways to improve performance, for example ModelSerializer is slow compared to base serializer serializers.Serializer because it has extra logic related to model

when you have a model

class User(Model):
  name
  full_name
  email
  age
  city
  ...

class UserSerializer(serializers.ModelSerializer):
  class Meta:
    model = User
    fields = "__all__"

If I wanted to serialize User data, unless you have some advanced field calculations, I don't see the need to use serializer.

you could just do User.objects.values()

the speed difference is very noticable

but for create/update, I would use serializer because It's easier to implement custom validations and provides abstraction

you can read https://hakibenita.com/django-rest-framework-slow

very good article regarding this topic

In late 2013, Tom Christie, the creator of Django Rest Framework, wrote an article discussing some of DRF's drawbacks. In his benchmarks, serialization accounted for 12% of the total time spend on processing a single request. In the summary, Tom recommends to not always resort to serialization:

4. You don't always need to use serializers.

For performance critical views you might consider dropping the serializers entirely and simply use .values() in your database queries.

Oh, thank you so much for this. I really appreciate your help.

you are welcome