Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think it's better to define field specific read/write permissions through the serializers. In the serializer's Meta class, you can define a readonly_fields tuple containing the string names of the read only fields


You can also route only read-only methods in urls.py, for example via:

    url(
        r'path/$',
        TheModelViewSetView.as_view({"get": "list"}),
        name="thename"
    )
or "retrieve" instead of "list" for a route which includes PK.

This of course makes the entire path read-only so it's not a way to make some fields writable and others not.


yeah, I think they're saying instead of having the Meta fields list create writable fields by default, it should be read-only by default, after which you could add a "writable_fields" list




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: