I was interested to learn about best practices when it comes to the Django Rest Framework. I limited the access to change certain attributes in the account using different serializers for each user (state versus account owner and any other) and the HTTP method, but I feel that this is too inconsistent.
Is this the best way to accomplish my task of separating "permissions" to modify different fields of an object? Or is there a better and more pythonic way to accomplish what I am currently doing in this way?
Any criticism with the code below is accepted, as I feel like I cut some corners.
Thank you very much.
```python
from rest_framework import serializers, viewsets
from rest_framework.permissions import SAFE_METHODS
from accounts.models import User
from cpapi.permissions import *


class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ('id', 'url', 'username', 'password')
        # password is accepted on input but never serialized back out
        write_only_fields = ('password',)

    def restore_object(self, attrs, instance=None):
        user = super(UserSerializer, self).restore_object(attrs, instance)
        # hash the password instead of storing the submitted plaintext
        if 'password' in attrs:
            user.set_password(attrs['password'])
        return user


class UserDetailsSerializer(UserSerializer):
    class Meta(UserSerializer.Meta):
        fields = ('id', 'url', 'username', 'password', 'email')


class UserListSerializer(UserSerializer):
    class Meta(UserSerializer.Meta):
        fields = ('id', 'url', 'username')


class UserWithoutNameSerializer(UserSerializer):
    class Meta(UserSerializer.Meta):
        fields = ('id', 'url', 'password', 'email')


class UserViewSet(viewsets.ModelViewSet):
    """
    API endpoint that allows users to be viewed or edited.
    """
    serializer_class = UserSerializer
    model = User

    def get_serializer_class(self):
        ...  # the method body is cut off in the post
```
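An added example, not part of the original post: the per-role, per-method field rules the question describes, written as one explicit policy table that a `get_serializer_class()` or a permission class could consult instead of encoding the rules in several serializer subclasses. It is framework-free so it runs stand-alone; the role names, the policy itself and the helper names (`resolve_role`, `check_write`, `render`) are assumptions, since the post's own selection logic is cut off.

```python
# Added illustration; roles and policy are assumed, not taken from the post.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")  # same values DRF exports

READABLE = {
    "staff": {"id", "url", "username", "email"},
    "owner": {"id", "url", "username", "email"},
    "other": {"id", "url", "username"},
}  # 'password' is readable by nobody (mirrors write_only_fields)
WRITABLE = {
    "staff": {"username", "password", "email"},
    "owner": {"password", "email"},  # owner may not rename the account
    "other": set(),
}


def resolve_role(requester_id, requester_is_staff, target_id):
    """Classify the requester relative to the account being accessed."""
    if requester_is_staff:
        return "staff"
    if requester_id is not None and requester_id == target_id:
        return "owner"
    return "other"


def check_write(role, method, payload):
    """Return a copy of payload if every submitted field is writable.

    Forbidden fields are rejected rather than silently dropped, so a
    mass-assignment attempt is visible to the client and in logs.
    """
    if method in SAFE_METHODS:
        raise ValueError("check_write is only for unsafe methods")
    forbidden = sorted(set(payload) - WRITABLE.get(role, set()))
    if forbidden:
        raise PermissionError(
            "fields not writable for %s: %s" % (role, ", ".join(forbidden)))
    return dict(payload)


def render(role, account):
    """Project an account dict onto the fields this role may read."""
    visible = READABLE.get(role, set())
    return {k: v for k, v in account.items() if k in visible}


# Constructed sample record
ACCOUNT = {"id": 7, "url": "/users/7/", "username": "alice",
           "email": "alice@example.org", "password": "pbkdf2_sha256$..."}
```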