Skip to main content
Help us improve Python packaging – donate today!

Field-by-field serializer permissions for Django Rest Framework.

Project Description

[![Build Status](](


Add permission classes to your serializer fields that look like this:

class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):

family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))


This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.

I am actively working towards a beta release.


Install the module in your Python distribution or virtualenv:

$ pip install django-rest-serializer-field-permissions

Add the application to your `INSTALLED_APPS`:



In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
from rest_framework import serializers

from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated

class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):

family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))


Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
from rest_framework import viewsets

from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin

class MyViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer

The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.

You can write your own permission classes by sub-classing `BaseFieldPermission` in ``.

How it Works

The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.


* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4

See tox.ini for specific minor versions tested.

Additional Requirements



* Serializer tests
* Integration tests

Getting Involved

Feel free to open pull requests or issues. GitHub is the canonical location of this project.

Release history Release notifications

This version
History Node


History Node


History Node


History Node


History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
django-rest-serializer-field-permissions-1.0.0.tar.gz (17.9 kB) Copy SHA256 hash SHA256 Source None Sep 8, 2015

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page