Field-by-field serializer permissions for Django Rest Framework.
Project description
[](https://pypi.python.org/pypi/django-rest-serializer-field-permissions/)
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. It basically works for me. I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_
class InterSISEncryptedLookupGenericViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3
* Django 1.6, 1.7
* Python 2.7, 3.4
Additional Requirements
=======================
None
Todo
====
* Tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. It basically works for me. I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_
class InterSISEncryptedLookupGenericViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3
* Django 1.6, 1.7
* Python 2.7, 3.4
Additional Requirements
=======================
None
Todo
====
* Tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Close
Hashes for django-rest-serializer-field-permissions-0.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9860de224c91c8dc84b5ae68641b3acdbff301136eb8378649ba20714f498d3b |
|
| MD5 | 920fbe9cea04eb6c2966dc540474c96c |
|
| BLAKE2b-256 | 838f9ef1ae0368245e4ddf1e0030e73bd5f78412e4640793f73814381cb1631f |
