Reputation: 2500
Django Rest Framework: Change Serializer or Add Field Based on Authentication
I have a viewset as follows:
class CardViewSet(viewsets.ReadOnlyModelViewSet):
"""
Standard Viewset for listing cards
"""
pagination_class = StandardCellSetPagination
permission_classes = [AllowAny, IsAuthenticated]
def list(self, request):
queryset = Card.objects.exclude(reply_to__isnull=False).order_by('-created')
cards = self.paginate_queryset(queryset)
serializer = CardCellSerializer(cards, many=True)
return self.get_paginated_response(serializer.data)
def retrieve(self, request, pk=None):
queryset = Card.objects.all()
card = get_object_or_404(queryset, pk=pk)
serializer = CardSerializer(card)
return Response(serializer.data)
My serializer for the CardSerializer is:
class CardSerializer(serializers.ModelSerializer):
class Meta:
model = Card
How do I either
- Change the serializer for the retrieve method if the viewset has the permission
IsAuthenticated? OR - Add a field to the
CardSerializerif viewset hasIsAuthenticated?
Such that I can return True / False if a user has favorited the card via a SerializerMethodField
Upvotes: 4
Views: 3492
Answers (1)
Reputation: 6013
You can do this:
def retrieve(self, request, pk=None):
queryset = Card.objects.all()
card = get_object_or_404(queryset, pk=pk)
# Same for list method
if request.user and request.user.is_authenticated:
serializer = AuthenticatedCardSerializer(card)
else:
serializer = CardSerializer(card)
return Response(serializer.data)
AuthenticatedCardSerializer could then extend CardSerializer to include any fields visible to authenticated users.
Also if you decide to use same serialization behavior for list and retrieve, you could override get_serializer_class in your viewset instead:
def get_serializer_class(self):
if self.request.user and self.request.user.is_authenticated:
return AuthenticatedCardSerializer
else:
return CardSerializer
and leave everything else to the default list/retrieve implementations.
As an alternative, you could add the field in serializer's __init__. You can get the request from the context kwarg, do the same check and add any fields you need. I think though that it is needlessly more complicated than just having two serializers.
Upvotes: 9
Related Questions
- How to withold specific properties in Django Rest Framework Serializer based on the logged in user?
- Django Rest Framework - how to customize serializer field
- Specify django-rest-framework field for serializer after request?
- Add user specific fields to Django REST Framework serializer
- Use different serializer depending on the authentication method in django rest framework
- Django REST Framework how to limit user access to certain serializer field
- How to specify which fields are serialised for authenticated and non-authenticated user in django rest framework?
- Django REST Framework Specify Some Fields Before calling serializer.isValid()
- Django rest framework add field in serializer for using with post method only
- Dynamically modifying serializer fields in Django Rest Framework