intersis / django-rest-serializer-field-permissions Goto Github PK
View Code? Open in Web Editor NEWField-by-field serializer permissions for Django Rest Framework.
License: GNU General Public License v3.0
Field-by-field serializer permissions for Django Rest Framework.
License: GNU General Public License v3.0
I'd like to use field-permissions with a JSONField.
Hi, first of all, great work on this package!
I'm trying to use it along with DRF's nested serializers feature.
My code looks something like this:
class AccountSerializer(serializers.ModelSerializer):
email = fields.EmailField(permission_classes=(IsAuthenticated(), ))
class Meta:
model = Account
class ContactSerializer(serializers.ModelSerializer):
account = AccountSerializer(read_only=True)
class Meta:
model = Contact
fields = (..., 'account', )
Unfortunately I'm getting the following error when calling the endpoint:
File ".../rest_framework_serializer_field_permissions/serializers.py", line 24, in fields
request = self._context["request"]
KeyError: 'request'
Looks like the context is not passed to the nested serializer, so we can't access the request.
I used the workaround suggested here encode/django-rest-framework#2555 (comment) and it works but is there a nicer way to solve this?
I can help out and open a PR if you have an idea.
After trying to set up field based permissions with this library, I discovered I was unable to use permission on serializers with many=True
. I believe this is likely because when you create a serializer with many=True
DRF creates a ListSerializer
to stand in for the serializer a user is creating.
I think a way to solve this problem would be to find some way to get the check_permission
attribute to be on the ListSerializer
, possibly by creating a custom list serializer.
What are your thoughts on this? If I can get some feedback I'll look into it more, implement the changes, and submit a PR.
How about adding permissions to automatically generated fields by specifying the permissions in Meta?
class Meta:
model = ...
fields = [..., 'state']
permissions = {
'state': [...],
}
I have a use case where I am using DRF field permissions with django-rest-framework-json-api
, which uses RelatedField
s in favor of Serializer fields. The current SerializerPermissionMixin
is not compatible with RelatedField
s - but I'm looking for something very similar to that mixin.
The URL in setup currently points to a defunct website, rather than the package repo. That means folks coming from PyPi are unlikely to be able to contribute, see issues, etc, because they can't easily find the repo for this package.
Specifically:
Pattern tests off of DRF.
For more complex object-level field permissions, I think it could be beneficial to pass the instance that is currently being checked to the FieldPermission. This is pretty simply achieved by wrapping Serializer.to_representation(instance) and keeping track of this instance in a Serializer.current_instance variable. (This is necessary for ListSerializers, as the Serializer.instance field contains the entire list in that case).
I have tested/implemented this in a branch on my fork, and will be opening a PR for review.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.