>From a previous discussion on this list (
http://groups.google.com/group/django-developers/browse_thread/thread/2da69b9e24cf3438/17d87e3b27d4395d
) I gather that modifying the field options of a Model is not
desirable due to a loss in orthogonality. Here is a modified
permissions framework for serialization.
Permission Framework
=================
While creating an API, there may arise a need to give varying levels
of access to data to different people. For this I propose a permission
framework, where the user can choose to restrict data to certain
groups while defining a model. I guess a different name should be
used, so that it is not confused with the “Permission” model used in
contrib.auth and contrib.admin. Here’s an example
class User(models.Model):
name = CharField(max_length=128)
picture_url = URLField()
security_question = CharField(max_length = 200)
security_answer = CharField(max_length = 200)
class Meta:
serialize_permissions = {
‘default’: [‘name’],
‘admins’: [‘name’, ‘picture_url’, ‘security_question’,
‘security_answer’ ],
‘friends’: [‘name’, ‘picture_url’],
‘self’: [‘name’, ‘picture_url’, ‘security_question’]
}
Here different permission groups like ‘self’, ‘friends’ and ‘admins’
are created as a field of the Meta class . If no such field is
specified by the user, all fields are included under the default
permission group.
To use this, specify the permission_level in the call to serialize
data = serializers.serialize(queryset, permission_level = ‘friends’ )
=================================================================================================
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
