
If you want to get even more granular, I would suggest using the mixins. I almost never use the broad viewsets anymore.

Example:

  from rest_framework import mixins, viewsets

  class FooViewset(
          mixins.CreateModelMixin,
          mixins.ListModelMixin,
          mixins.DestroyModelMixin,
          mixins.RetrieveModelMixin,
          viewsets.GenericViewSet):
      # queryset and serializer_class go here
      ...

Subtract as necessary.



This is a good way to control what methods are allowed on the ViewSet, but still doesn't address the problem of fields being writable by default when the ViewSet allows writing.


This seems like the expected behavior. If allowing for writing didn't actually allow you to write anything, that would be pretty strange, wouldn't it? Or do I misunderstand?


You may want to expose some fields that you don't allow changing, such as what account owns the resource. When fields are writable by default, it is easy for someone to miss that they've made a field writable when they just meant to expose it for reading.


I think it's better to define field-specific read/write permissions through the serializers. In the serializer's Meta class, you can define a readonly_fields tuple containing the string names of the read-only fields.


You can also route only read-only methods in urls.py, for example via:

    url(
        r'path/$',
        TheModelViewSetView.as_view({"get": "list"}),
        name="thename"
    )

or "retrieve" instead of "list" for a route which includes PK.

This of course makes the entire path read-only so it's not a way to make some fields writable and others not.


Yeah, I think they're saying that instead of having the Meta fields list create writable fields by default, it should be read-only by default, after which you could add a "writable_fields" list.



