Field-by-field serializer permissions for Django Rest Framework.
Project description
[![Downloads](https://pypip.in/download/django-rest-serializer-field-permissions/badge.svg)](https://pypi.python.org/pypi/django-rest-serializer-field-permissions/)
[![Build Status](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions)
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.
I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
class MyViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4
See tox.ini for specific minor versions tested.
Additional Requirements
=======================
None
Todo
====
* Serializer tests
* Integration tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
[![Build Status](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions)
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.
I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
class MyViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4
See tox.ini for specific minor versions tested.
Additional Requirements
=======================
None
Todo
====
* Serializer tests
* Integration tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Close
Hashes for django-rest-serializer-field-permissions-1.0.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8291667ff639a3b5157c587e16bc9efa16a9ab7bc7ff3fc2dab4cdcffac719f3 |
|
MD5 | c0c293d10cd35c6fd8512cec107bf6fd |
|
BLAKE2b-256 | 21bba9caa35d6d3d930c53e144354f2d05cffe956b99c8d5a37b9273478dc396 |