Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
django-timestampable
Advanced tools
Timestamps and Soft Delete Patterns in Django Models.
$ pip install django-timestampable
To install django-timestampable with Django Rest Framework included:
$ pip install "django-timestampable[drf]"
You can use the first option if you have Django Rest Framework already installed.
INSTALLED_APPS = [
# ...
'timestamps',
]
INSTALLED_APPS = [
# ...
'rest_framework',
'timestamps',
]
a) For models you want timestamps, just inherit Timestampable:
from timestamps.models import models, Timestampable
class YourModel(Timestampable):
# your fields here ...
b) For models you want soft-delete, just inherit SoftDeletes:
from timestamps.models import models, SoftDeletes
class YourModel(SoftDeletes):
# your fields here ...
c) If you want both, you can also inherit from Model for shorter convenience:
# to this:
from timestamps.models import models, Model # explicit import Model (which contains timestamps)
# instead of:
# from django.db import models
# Explicitly import of "Model" is required
# because models.Model is the original from Django models module
class YourModel(Model):
# your fields here ...
queryset = YourModel.objects
queryset = YourModel.objects_deleted
queryset = YourModel.objects_with_deleted
some_model = MyModel.objects.first()
some_model.delete() # or some_model.delete(hard=False)
some_model = MyModel.objects_deleted.first()
some_model.restore()
some_model = MyModel.objects.first()
some_model.delete(hard=True)
qs = MyModel.objects # you can also apply filters to bulk delete a subset: qs = MyModel.objects.filter(...)
qs.delete() # or qs.delete(hard=False)
qs = MyModel.objects # ... bulk hard delete a subset: qs = MyModel.objects.filter(...)
qs.delete(hard=True)
qs = MyModel.objects_deleted # ... bulk restore a subset: qs = MyModel.objects_deleted.filter(...)
qs.restore() # or qs.delete(hard=False)
You have 4 signals available that you can listen in your project:
To use them, just import the signals and register listeners for them. Eg:
from timestamps.signals import pre_soft_delete
from django.dispatch import receiver
@receiver(pre_soft_delete)
def on_pre_soft_delete(sender, instance, **kwargs):
print(f"Model {sender} with id {instance.pk} will be deleted!")
from timestamps.signals import post_soft_delete
from django.dispatch import receiver
@receiver(post_soft_delete)
def on_post_soft_delete(sender, instance, **kwargs):
print(f"Model {sender} with id {instance.pk} was deleted at {instance.deleted_at}!")
from timestamps.signals import pre_restore
from django.dispatch import receiver
@receiver(pre_restore)
def on_pre_restore(sender, instance, **kwargs):
print(f"Model {sender} with id {instance.pk} deleted at {instance.deleted_at} will be restored!")
from timestamps.signals import post_restore
from django.dispatch import receiver
@receiver(post_restore)
def on_post_restore(sender, instance, **kwargs):
print(f"Model {sender} with id {instance.pk} restored!")
You can use the SoftDeleteModelViewSet along with DefaultRouter present in this package and you will have access to a complete CRUD on soft deleted objects as well. This 2 classes allows you to expose:
Consider a Dummy Model that inherits from SoftDelete.
You can have all routes for CRUD operations on this model:
VERB | URL PATH | DESCRIPTION |
---|---|---|
GET | /dummy/ | gets all the objects, without the deleted ones |
POST | /dummy/ | creates a new object |
DELETE | /dummy/[?permanent=<true,false>] | deletes all objects (or a filtered subject). allows hard-delete. Default: soft-delete |
GET | /dummy/<pk>/ | gets a non-deleted object (by primary key) |
POST | /dummy/<pk>/ | updates an object (by primary key) |
PATCH | /dummy/<pk>/ | partial updates an object (by primary key) |
DELETE | /dummy/<pk>/[?permanent=<true,false>] | deletes a non-deleted object (by primary key) |
PATCH | /dummy/restore/ | restore all objects (or a filtered subject) |
PATCH | /dummy/<pk>/restore/ | restores a soft-deleted object (by primary key) |
GET | /dummy/deleted/ | gets all deleted objects |
GET | /dummy/deleted/<pk>/ | gets a deleted object (by primary key) |
GET | /dummy/with-deleted/ | get all objects, deleted included |
GET | /dummy/with-deleted/<pk>/ | get an object (by primary key) |
The query parameter "permanent" it's case-sensitive and can also be one of the values:
truthful_options = [
't', 'T',
'y', 'Y', 'yes', 'Yes', 'YES',
'true', 'True', 'TRUE',
'on', 'On', 'ON',
'1', 1,
True
]
falsely_options = [
'f', 'F',
'n', 'N', 'no', 'No', 'NO',
'false', 'False', 'FALSE',
'off', 'Off', 'OFF',
'0', 0,
'null',
False
]
# dummy/views.py
from timestamps.drf import viewsets # instead of: from rest_framework import viewsets
from .models import Dummy
from .serializers import DummySerializer
class DummyModelViewSet(viewsets.ModelViewSet):
queryset = Dummy.objects.all()
serializer_class = DummySerializer
# dummy/urls.py
from timestamps.drf import routers # instead of: from rest_framework import routers
from .views import DummyModelViewSet
router = routers.DefaultRouter()
router.register(r'dummy', DummyModelViewSet)
urlpatterns = router.urls
For security reasons, by default, if you pass to the query parameter "?permanent=true" on a bulk destroy, the view will not let you hard-delete, raising a PermissionDenied. If you want to enable it on your project, just add to the project settings:
TIMESTAMPS__BULK_HARD_DELETE = True
It's here to prevent users of "forgetting" that the routes also expose bulk hard-delete by default. In production, you can set this flag to True and manage hard-deleting using DRF permissions.
Hard-deleting one object at time is allowed by default.
Bulk actions of restoring and deleting returns no content (status code 204) by default. If you want to return a response with the number of deleted/restored objects, just add this setting:
TIMESTAMPS__BULK_RESPONSE_CONTENT = True
Example of returned response: {"count": 3 }
If you don't want to expose all the crud operations, be free to register as:
router.register(r'dummy', DummyModelViewSet.as_view({'get': 'list_with_deleted'})) # e.g.
And you can always use the mixins instead and create your APIViews:
from rest_framework import generic
from timestamps.drf.mixins import ListDeletedModelMixin
from .models import Dummy
from .serializers import DummySerializer
class MyView(ListDeletedModelMixin, generic.GenericAPIView):
queryset = Dummy.objects.all()
serializer_class = DummySerializer
def list_deleted(self, request, *args, **kwargs):
# optional. your code goes here...
Internally, the ListDeletedModelMixin just calls the method ListModelMixin.list(self, request, *args, **kwargs). The method of determining if the queryset must get all objects, only the deleted or all with deleted is done using AOP, which means that the method GenericAPIView.get_queryset() is advised at runtime to map the current action to the correct queryset the view needs.
If you don't inherit from generic.GenericAPIView, you must be aware that, for this type of scenarios, you need to override the method get_queryset() to return the objects that matches your needs.
FAQs
Timestamps and Soft Delete Patterns in Django Models
We found that django-timestampable demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.