我的 Django Rest Framework 項目有模型字段,任何經過身份驗證的用戶都可以在其中創建模型實例。但是我想確保只有 Django Admin 可以更改accepted字段值。防止其他用戶更改accepted字段的最佳方法是什么?請注意,我想為經過身份驗證的用戶保留創建保留默認accepted 字段的模型實例的權限。MODELS.PYclass PO(models.Model): name = models.CharField(max_length=100) accepted=models.BooleanField(default=False) # I want this field to be changed only by admin userVIEWS.PYclass POcreate(generics.CreateAPIView): queryset = PO.objects.all() serializer_class = POserializer permission_classes = [permissions.IsAuthenticated]SERIALIZER.PYclass POserializer(serializers.ModelSerializer): class Meta: model=PO fields='__all__'
1 回答
慕斯王
TA貢獻1864條經驗 獲得超2個贊
更改了視圖層和序列化程序
def get_serializer_class(self):
if self.request.user.is_staff:
return POAdminserializer
return POserializer
class POAdminserializer(serializers.ModelSerializer):
class Meta:
model=PO
fields='__all__'
class POserializer(serializers.ModelSerializer):
class Meta:
model=PO
exclude=('created','accepted','delivered','rejected','rejected_reason')
添加回答
舉報
0/150
提交
取消