Reputation: 3149
How to Force Current User to a Field in Django Rest Framework
Consider I have models, a serializer and a viewset as below:
# models.py
class Foo(models.Model):
owner = models.ForeignKey(User, models.CASCADE, related_name="bars")
# serializers.py
class FooSerializer(serializers.ModelSerializer):
owner = serializers.PrimaryKeyRelatedField(
default=serializers.CurrentUserDefault(),
queryset=User.objects.all(),
)
class Meta:
fields = ["pk", "owner"]
# viewsets.py
# registered to /api/foos/
class FooViewSet(viewsets.ModelViewSet):
serializer_class = FooSerializer
permission_classes = [permissions.IsAuthenticated]
queryset = Foo.objects.all()
So, when I send a POST request to /api/foos/ with an empty body, it creates a Foo instance with its owner field set to the current logged-in user, which is fine.
However, I also want to totally ignore what the currently authenticated user sends as a value to owner. For example, if I do a POST request to /api/foos/ with body user=5 (another user, basically), CurrentUserDefault sets the Foo.owner to that user, which is not the behavior I want to have.
I always want to have the current authenticated user as the value of the field owner of a new Foo instance, or, in other words, I want FooSerializer.owner field to be set as currently authenticated user as a value and ignore what is sent on POST request as a value of owner.
How do I do that?
Thanks in advance.
Environment
- django ^2.2
- djangorestframework ^3.12.4
Upvotes: 3
Views: 2561
Answers (1)
Reputation: 589
Since you don't want owner to be modifiable via your serializer, I'd suggest you to remove the field from the serializer or make it read-only.
You can then set the owner using the serializer's save method that allows you to inject additional data.
A good place for this in your example would be the perform_create method of your ModelViewSet. For example:
class FooViewSet(viewsets.ModelViewSet):
serializer_class = FooSerializer
permission_classes = [permissions.IsAuthenticated]
queryset = Foo.objects.all()
def perform_create(self, serializer):
serializer.save(owner=self.request.user)
Upvotes: 6
Related Questions
- How to set current user to user field in Django Rest Framework?
- how to serialize current user in django rest framework?
- Send current user when model is saved in Django
- How to add current user into a field in django model serializer
- Django Rest Framework - How to set the current_user when POST
- How do I alter my API request based on a field from the user?
- DRF Set OneToOneField to currently logged in user
- Django REST Framework (DRF): Set current user id as field value
- Django-rest saving model against a specific user
- Getting current user in django rest framework