我有2个型号:User&UserSummary。 UserSummary具有User的外键。我刚刚注意到,如果我在depth= 1
中设置UserSummarySerializer
,则密码字段将包含在输出中。它是哈希,但最好排除这个领域。
要隐藏密码字段,我只是在序列化器中显式设置用户字段,如下所示:
class UserSerializer(serializers.ModelSerializer):
"""A serializer for our user profile objects."""
class Meta:
model = models.User
extra_kwargs = {'password': {'write_only': True}}
exclude = ('groups', 'last_login', 'is_superuser', 'user_permissions', 'created_at')
def create(self, validated_data):
"""Create and return a new user."""
user = models.User(
email = validated_data['email'],
firstname = validated_data['firstname'],
lastname = validated_data['lastname'],
mobile = validated_data['mobile']
)
user.set_password(validated_data['password'])
user.save()
return user
class UserSummarySerializer(serializers.ModelSerializer):
user = UserSerializer()
class Meta:
model = models.UserSummary
fields = '__all__'
depth = 1
这种做法的缺点是,在创建新用户时,POST请求中的字段密码不再可用。
如何在UserSummary的GET请求中隐藏password
字段,但是在User的POST请求中显示它?
当你把所有的函数序列化器都放到一个时,这很复杂,我会在这个场景中创建一个UserCreateSerializer
:
class UserCreateSerializer(serializers.ModelSerializer):
"""A serializer for our user profile objects."""
class Meta:
model = models.User
extra_kwargs = {'password': {'write_only': True}}
fields = ['username', 'password', 'email', 'firstname', 'lastname', 'mobile'] # there what you want to initial.
def create(self, validated_data):
"""Create and return a new user."""
user = models.User(
email = validated_data['email'],
firstname = validated_data['firstname'],
lastname = validated_data['lastname'],
mobile = validated_data['mobile']
)
user.set_password(validated_data['password'])
user.save()
return user
然后你可以在你的UserCreateSerializer
中使用UserCreateAPIView
。
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
def to_representation(self, obj):
rep = super(UserSerializer, self).to_representation(obj)
rep.pop('password', None)
return rep