The read-only setting does not work properly.
It makes no difference whether I use read_only_fields:
    read_only_fields = ('id', 'user', 'created_at', 'account_type', 'balance', 'iban')
or read_only on each serializer field:
    class BankAccountSerializer(serializers.ModelSerializer):
        id = serializers.StringRelatedField(read_only=True)
        user = serializers.StringRelatedField(read_only=True)
        created_at = serializers.SerializerMethodField(read_only=True)
        account_name = serializers.StringRelatedField(read_only=False)
        account_type = serializers.StringRelatedField(read_only=True)
        balance = serializers.StringRelatedField(read_only=True)
        iban = serializers.StringRelatedField(read_only=True)

        class Meta:
            model = BankAccount
            fields = '__all__'

        def get_created_at(self, instance):
            return instance.created_at.strftime("%B %d %Y")
My permission classes are as follows:
    permission_classes = [IsUserOrReadOnly, IsAuthenticated]
So the custom IsUserOrReadOnly class looks like this:
    class IsUserOrReadOnly(permissions.BasePermission):
        def has_object_permission(self, request, view, obj):
            if request.method in permissions.SAFE_METHODS:
                return True
            return obj.user == request.user
My serializer/view looks like this:
    class BankAccountViewSet(viewsets.ModelViewSet):
        queryset = BankAccount.objects.all()
        lookup_field = "iban"
        serializer_class = BankAccountSerializer
        permission_class = [IsUserOrReadOnly, IsAuthenticated]
The result I get from the API endpoint (the OPTIONS method response) is not what I expect: the field account_name is still "read_only": true, as shown in the browsable API output:
    "actions": {
        "PUT": {
            "id": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Id"
            },
            "user": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "User"
            },
            "created_at": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Created at"
            },
            "account_name": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Account name"
            },
            "account_type": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Account type"
            },
            "balance": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Balance"
            },
            "iban": {
                "type": "field",
                "required": false,
                "read_only": true,
                "label": "Iban"
            }
        }
    }
What could be wrong here?