Hi,
How would you handle the below scenario on a serializer (and/or any
other) level?
John, Jack and James are managers of a vehicle fleet. The fleet produces
trips.
The real trip data looks like this (it's far more compilcated in real
but this is enough to demonstrate the problem):
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Private"
}
John should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
}
Jack should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Private"
}
James should see:
{
"id": 1,
"driver": "John",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "John's home",
"category": "Work"
},
{
"id": 2,
"driver": "John",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
},
{
"id": 3,
"driver": "Jack",
"start_location_address": "J&J&J Ltd.",
"end_location_address": "Jack's home",
"category": "Work"
},
{
"id": 4,
"driver": "Jack",
"start_location_address": "",
"end_location_address": "",
"category": "Private"
}
So the private fields are "start_location_address" and
"end_location_address". They should only be available for the driver of
the trip if the trip is private.
Removing the private fields is also ok instead of returning empty strings.
I'm thinking on something like this but it feels a bit evil:
Inside the __init__ of the serializer I'd do something like this:
is_many = getattr(self.instance, "id", None) is None
if is_many:
objects = self.instance
else:
try:
objects = [self.instance]
except IndexError:
objects = []
request = self.context['request']
request_user = request.user
for o in objects:
if o.category == 'Private' and o.driver != request_user:
o.start_location_address = "" # or delattr(o,
"start_location_address")
o.end_location_address = "" # or delattr(o,
"end_location_address")
Is there a clean(er) way to handle this?
What about caching etc.?
What do you think in general?
Thanks in advance
Zoltan Szalai
--
You received this message because you are subscribed to the Google Groups "Django
REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
