Field-by-field serializer permissions for Django Rest Framework.
Project description
[![Downloads](https://pypip.in/download/django-rest-serializer-field-permissions/badge.svg)](https://pypi.python.org/pypi/django-rest-serializer-field-permissions/)
[![Build Status](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions)
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.
I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_
class InterSISEncryptedLookupGenericViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4
See tox.ini for specific minor versions tested.
Additional Requirements
=======================
None
Todo
====
* Serializer tests
* Integration tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
[![Build Status](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions)
django-rest-serializer-field-permissions
=============
Add permission classes to your serializer fields that look like this:
```
class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):
family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))
```
This package is **unstable**. It is in **alpha**. Test coverage is **incomplete**. It basically works for me.
I am actively working towards a beta release.
Installation
===============
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-serializer-field-permissions
Add the application to your `INSTALLED_APPS`:
```
INSTALLED_APPS = (
...
"rest_framework_serializer_field_permissions",
...
)
```
Use
===
In your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields
provided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical
DRF fashion:
```
from rest_framework import serializers
from rest_framework_serializer_field_permissions import fields
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_framework_serializer_field_permissions.permissions import IsAuthenticated
class PersonSerializer(FieldPermissionSerializerMixin, serializers.ModelSerializer):
family_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
given_names = fields.CharField(permission_classes=(IsAuthenticated(), ))
```
Any pagination-capable viewset with which you wish to include permission-capable fields must use the
`ContextPassingPaginationSerializer` provided by `rest_framework_serializer_field_permissions.serializers`.
```
from rest_framework import viewsets
from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin
from rest_
class InterSISEncryptedLookupGenericViewset(viewsets.GenericViewSet):
pagination_serializer_class = ContextPassingPaginationSerializer
```
The `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`. Similarly,
the `ContextPassingPaginationSerializer` may be used with any pagination-capable viewset, not just `GenericViewSet`.
You can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.
How it Works
============
The `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list
of their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their
permissions against the request, and scrubs from the return any fields which fail their permission checks.
Compatibility
=============
* Django Rest Framework 3.0
* Django 1.6, 1.7, 1.8
* Python 2.7, 3.3, 3.4
See tox.ini for specific minor versions tested.
Additional Requirements
=======================
None
Todo
====
* Serializer tests
* Integration tests
Getting Involved
================
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Close
Hashes for django-rest-serializer-field-permissions-0.34.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | d6b680ad1848216090190aa5284e0db52628bb179876e353e2522f1174261700 |
|
MD5 | be466b38fa3ab686d6c74924f8001752 |
|
BLAKE2b-256 | 7c4a575fbb5a4096457f7a240bc39152365f217c714e495bf89c5f2e566500e9 |