Django REST API: Make field read-only for certain permission level
Problem description
How to make some fields read-only for a particular user permission level?
There is a Django REST API project. There is a Foo serializer with 2 fields - foo and bar. There are 2 permissions - USER and ADMIN.
Serializer is defined as:
class FooSerializer(serializers.ModelSerializer):
    ...
    class Meta:
        model = FooModel
        fields = ['foo', 'bar']
How does one make sure the 'bar' field is read-only for USER and writable for ADMIN?
I would use something like this:
class FooSerializer(serializers.ModelSerializer):
    ...
    class Meta:
        model = FooModel
        fields = ['foo', 'bar']
        read_only_fields = ['bar']
But how to make it conditional (depending on permission)?
Recommended answer
You can use the get_serializer_class() method of the view to use different serializers for different users:
from rest_framework import serializers, viewsets


class ForUserSerializer(serializers.ModelSerializer):
    class Meta:
        model = ExampleModel
        fields = ('id', 'name', 'bar')
        # 'bar' is returned in responses but ignored on input
        read_only_fields = ('bar',)


class ForAdminSerializer(serializers.ModelSerializer):
    class Meta:
        model = ExampleModel
        fields = ('id', 'name', 'bar', 'for_admin_only_field')


class ExampleView(viewsets.ModelViewSet):
    ...

    def get_serializer_class(self):
        # Choose the serializer per request, based on the authenticated user
        if self.request.user.is_admin:
            return ForAdminSerializer
        return ForUserSerializer