Django REST framework: method PUT not allowed in ViewSet with def update()

Had a similar “Method PUT not allowed” issue with this code, because ‘id’ was missing in the request:

class ProfileStep2Serializer(serializers.ModelSerializer):
    class Meta:
        model = Profile
        fields = ('middle_initial', 'mobile_phone', 'address', 'apt_unit_num', 'city', 'state', 'zip')

class Step2ViewSet(viewsets.ModelViewSet):
    serializer_class = ProfileStep2Serializer

    def get_queryset(self):
        return Profile.objects.filter(pk=self.request.user.profile.id)

Turned out that i have missed ‘id’ in the serializer fields, so PUT request was NOT able to provide an id for the record. The fixed version of the serializer is below:

class ProfileStep2Serializer(serializers.ModelSerializer):
    class Meta:
        model = Profile
        fields = ('id', 'middle_initial', 'mobile_phone', 'address', 'apt_unit_num', 'city', 'state', 'zip')

PUT needs id in URL by default

Sometimes there is the difference between POST and PUT, because PUT needs id in URL
That’s why you get the error: "PUT is not Allowed".

Example:

• POST: /api/users/
• PUT: /api/users/1/

Hope it’ll save a lot of time for somebody

This answer is right, Django REST framework: method PUT not allowed in ViewSet with def update(), PUT is not allowed, because DRF expects the instance id to be in the URL. That being said, using this mixin in your ViewSet is probably the best way to fix it (from https://gist.github.com/tomchristie/a2ace4577eff2c603b1b copy pasted below)

class AllowPUTAsCreateMixin(object):
    """
    The following mixin class may be used in order to support PUT-as-create
    behavior for incoming requests.
    """
    def update(self, request, *args, **kwargs):
        partial = kwargs.pop('partial', False)
        instance = self.get_object_or_none()
        serializer = self.get_serializer(instance, data=request.data, partial=partial)
        serializer.is_valid(raise_exception=True)

        if instance is None:
            lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
            lookup_value = self.kwargs[lookup_url_kwarg]
            extra_kwargs = {self.lookup_field: lookup_value}
            serializer.save(**extra_kwargs)
            return Response(serializer.data, status=status.HTTP_201_CREATED)

        serializer.save()
        return Response(serializer.data)

    def partial_update(self, request, *args, **kwargs):
        kwargs['partial'] = True
        return self.update(request, *args, **kwargs)

    def get_object_or_none(self):
        try:
            return self.get_object()
        except Http404:
            if self.request.method == 'PUT':
                # For PUT-as-create operation, we need to ensure that we have
                # relevant permissions, as if this was a POST request.  This
                # will either raise a PermissionDenied exception, or simply
                # return None.
                self.check_permissions(clone_request(self.request, 'POST'))
            else:
                # PATCH requests where the object does not exist should still
                # return a 404 response.
                raise

def update(self, request, pk=None):
    data_in = request.data
    print(data_in)

    instance = self.get_object()
    serializer = self.get_serializer(instance, data=request.data, partial=False)
    serializer.is_valid(raise_exception=True)

    if instance is None:
        lookup_url_kwarg = self.lookup_url_kwarg or self.lookup_field
        lookup_value = self.kwargs[lookup_url_kwarg]
        extra_kwargs = {self.lookup_field: lookup_value}
        serializer.save(**extra_kwargs)
        return Response(serializer.data, status=status.HTTP_201_CREATED)
    serializer.save()
    data_out = serializer.data
    return Response(serializer.data)

Using Django viewsets you can easily map the method in the url e.g.

path('createtoken/', CreateTokenView.as_view({'post': 'create', 'put':'update'}))

Then in your class override the methods as you please:

class CreateTokenView(viewsets.ModelViewSet):
    queryset = yourSet.objects.all()
    serializer_class = yourSerializer

    def create(self, request, *args, **kwargs):
        #any method you want here
        return Response("response")

    def update(self, request, *args, **kwargs):
        # any method you want here
        return Response("response")

I have multiple objects that are working with ModelViewSet and all have different (unique) fields for lookup.

So I came up with another solution for this question by defining put on a parent class and a new field lookup_body_field that can be used to associate payload with existing object:

class CustomViewSet(viewsets.ModelViewSet):
    lookup_body_field = 'id'

    def put(self, pk=None):
        lookup_value = self.request.data.get(self.lookup_body_field)
        if not lookup_value:
            raise ValidationError({self.lookup_body_field: "This field is mandatory"})

        obj = self.get_queryset().filter(**{self.lookup_body_field: lookup_value}).last()
        if not obj:
            return self.create(request=self.request)
        else:
            self.kwargs['pk'] = obj.pk
            return self.update(request=self.request)


class MyViewSetA(CustomViewSet)
    model = ModelA
    lookup_body_field = 'field_a'  # Unique field on ModelA

class MyViewSetB(CustomViewSet)
    model = ModelB
    lookup_body_field = 'field_b'  # Unique field on ModelA


    

Suppose

you have registered a route like this (in urls.py)

router = DefaultRouter()
router.register(r'users', UserViewSet, basename='user-viewset')
urlpatterns += router.urls

and your restapi routs starts with /api/.

ViewSets generates follow routs.

create a user (send user object in body)
POST
/api/users/

get list of users
GET
/api/users/

get a user
GET
/api/users/{id}/

update a user (full object update)
PUT
/api/users/{id}/

partial update for a user
PATCH
/api/users/{id}/

delete a user
DELETE
/api/users/{id}/