madhukar93

Reputation: 515

Restrict fields according to user permissions in Django

I'm building an API using Django REST framework. I have to restrict access to fields (both read and write access) according to the kind of user logged in. How do I go about it? I'm considering writing separate serializers for different user roles.
(I will get an access token with every request, which I can use to authenticate the user; the next step will get me the user's roles, according to which I want to restrict what fields the user can see/edit.)

Upvotes: 2

Views: 1179

Answers (1)

Sebastian Wozny

Reputation: 17506

In case you want to give certain users model-level permissions to conduct certain actions, you can do this with custom permissions like so:

from django.db import models

class T21Turma(models.Model):
    class Meta:
        # Custom permissions as (codename, human-readable name) pairs
        permissions = (("can_view_boletim", "Can view boletim"),
                       ("can_view_mensalidades", "Can view mensalidades"),)

Then you can either make several serializers and swap them out in the views based on the permissions, or you can modify the fields of the serializer dynamically.

Upvotes: 2
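
An added example (not part of the answer above) of the second option, modifying the serializer's fields dynamically: a mixin that removes fields the user may not view and marks as read-only those the user may view but not edit, failing closed when no user is available. The `school` app label, the field names, the `can_edit_*` codenames and the `Stub*` classes are assumptions; the stubs stand in for DRF and Django objects so the block runs without them installed.

```python
class PermissionFieldsMixin:
    """Serializer mixin: drop or lock fields the requesting user may not use."""
    # field name -> (permission needed to read, permission needed to write)
    field_permissions = {}

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        user = getattr(self.context.get("request"), "user", None)
        for name, (view_perm, edit_perm) in self.field_permissions.items():
            if name not in self.fields:
                continue
            if user is None or not user.has_perm(view_perm):
                self.fields.pop(name)  # fail closed: absent from output and input
            elif not user.has_perm(edit_perm):
                self.fields[name].read_only = True  # shown, but input is ignored

# --- Constructed stand-ins so the block runs without Django/DRF ---
class StubField:
    read_only = False

class StubSerializer:  # mimics the .context / .fields surface of a DRF serializer
    def __init__(self, context=None):
        self.context = context or {}
        self.fields = {n: StubField() for n in ("name", "boletim", "mensalidades")}

class StubUser:  # mimics the has_perm() method of a Django user
    def __init__(self, *perms):
        self.perms = set(perms)
    def has_perm(self, perm):
        return perm in self.perms

class StubRequest:
    def __init__(self, user):
        self.user = user

class TurmaSerializer(PermissionFieldsMixin, StubSerializer):
    # "school" app label and the can_edit_* codenames are assumptions
    field_permissions = {
        "boletim": ("school.can_view_boletim", "school.can_edit_boletim"),
        "mensalidades": ("school.can_view_mensalidades", "school.can_edit_mensalidades"),
    }

def exposed_fields(user=None):
    """Return {field name: read_only} as the serializer would expose them."""
    context = {"request": StubRequest(user)} if user is not None else {}
    return {n: f.read_only for n, f in TurmaSerializer(context=context).fields.items()}
```

In a real project, list the mixin before `serializers.ModelSerializer` in the class bases; DRF's generic views already pass the request in the serializer context.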
