Per Field Permission in Django REST Framework

前端未结

关注

 7  2259

I am using Django REST Framework to serialize a Django model. I have a ListCreateAPIView view to list the objects and a RetrieveUpdateDestroyAPIView view to retrieve/update

相关标签:

7条回答

说谎

2020-12-24 02:20

Just share another possible solution

For example, to make email only show for oneself.

On UserSerializer, add:

email = serializers.SerializerMethodField('get_user_email')

Then implement get_user_email like this:

def get_user_email(self, obj):
    user = None
    request = self.context.get("request")
    if request and hasattr(request, "user"):
        user = request.user
    return obj.email if user.id == obj.pk else 'HIDDEN'

0 讨论(0)

上一页 1 2