Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Field-by-field serializer permissions for Django Rest Framework.

Project Description
[![Build Status](](


Add permission classes to your serializer fields that look like this:

class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):

family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))


This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.

I am actively working towards a beta release.


Install the module in your Python distribution or virtualenv:

$ pip install django-rest-serializer-field-permissions

Add the application to your `INSTALLED_APPS`:



In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
from rest_framework import serializers

from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated

class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):

family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))


Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
from rest_framework import viewsets

from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin

class MyViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer

The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.

You can write your own permission classes by sub-classing `BaseFieldPermission` in ``.

How it Works

The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.


* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4

See tox.ini for specific minor versions tested.

Additional Requirements



* Serializer tests
* Integration tests

Getting Involved

Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Release History

Release History

This version
History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-rest-serializer-field-permissions-1.0.0.tar.gz (17.9 kB) Copy SHA256 Checksum SHA256 Source Sep 8, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting