{ "info": { "author": "Joseph Schilz", "author_email": "joseph@schilz.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Topic :: Internet :: WWW/HTTP", "Topic :: Internet :: WWW/HTTP :: Dynamic Content" ], "description": "[![Build Status](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions.svg?branch=master)](https://travis-ci.org/InterSIS/django-rest-serializer-field-permissions)\n[![Code Climate](https://codeclimate.com/github/InterSIS/django-rest-serializer-field-permissions/badges/gpa.svg)](https://codeclimate.com/github/InterSIS/django-rest-serializer-field-permissions)\n[![Coverage Status](https://coveralls.io/repos/InterSIS/django-rest-serializer-field-permissions/badge.svg?branch=master&service=github)](https://coveralls.io/github/InterSIS/django-rest-serializer-field-permissions?branch=master)\n[![PyPI version](https://badge.fury.io/py/django-rest-serializer-field-permissions.svg)](http://badge.fury.io/py/django-rest-serializer-field-permissions)\n\ndjango-rest-serializer-field-permissions\n=============\n\nAdd field-by-field permission classes to your serializer fields that look like this:\n\n```\n class PersonSerializer(FieldPermissionSerializerMixin, LookupModelSerializer):\n\n // Only allow authenticated users to retrieve family and given names\n family_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))\n given_names = serializers.CharField(permission_classes=(IsAuthenticated(), ))\n \n // Allow all users to retrieve nick name\n nick_name = serializers.CharField(permission_classes=(AllowAll(), ))\n\n```\n\nComplete Tutorial\n----------------\n\nThis example builds on the example Django REST Framework API in the [DRF 3.8 documentation](https://github.com/encode/django-rest-framework/tree/2c992f09dada037904efe076029cd7355118d37f#installation). Please make sure that you have completed that tutorial before beginning this one.\n\nInstall this module into your environment:\n\n```\n $ pip install django-rest-serializer-field-permissions\n```\n\nInstall this module into Django by adding it to your `INSTALLED_APPS`.\n```\n INSTALLED_APPS = (\n ...\n 'rest_framework_serializer_field_permissions',\n ...\n )\n```\n\nNow you can add retrieve permissions to individual fields. You must import the modules and classes shown below, mix `FieldPermissionSerializerMixin` as the **leftmost** parent to your serializers, and then define your fields using the provided drop-in field classes.\n\nFor example, modify the root `urls.py` you created in the DRF tutorial with the following code:\n\n```\nfrom django.conf.urls import url, include\nfrom django.contrib.auth.models import User\nfrom rest_framework import routers, serializers, viewsets\n\nfrom rest_framework_serializer_field_permissions import fields # <--\nfrom rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin # <--\nfrom rest_framework_serializer_field_permissions.permissions import IsAuthenticated # <--\n\n# Serializers define the API representation.\nclass UserSerializer(FieldPermissionSerializerMixin, serializers.HyperlinkedModelSerializer): # <--\n class Meta:\n model = User\n fields = ('url', 'username', 'email', 'is_staff')\n\n email = fields.EmailField(permission_classes=(IsAuthenticated(), )) # <--\n\n# ViewSets define the view behavior.\nclass UserViewSet(viewsets.ModelViewSet):\n queryset = User.objects.all()\n serializer_class = UserSerializer\n\n# Routers provide an easy way of automatically determining the URL conf.\nrouter = routers.DefaultRouter()\nrouter.register(r'users', UserViewSet)\n\n# Wire up our API using automatic URL routing.\n# Additionally, we include login URLs for the browsable API.\nurlpatterns = [\n url(r'^', include(router.urls)),\n url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))\n]\n\n```\n\nNow, only authenticated users will be able to retrieve your users' emails. You can confirm this by creating a superuser account, if you haven't already, and visiting [http://localhost:8000/users/](http://localhost:8000/users) as both an authenticated user and an unauthenticated visitor.\n\nAlternately, you could have restricted retrieve access to the `username` field with the code:\n\n```\n username = fields.CharField(permission_classes=(IsAuthenticated(), ))\n```\n\nYou can define your own permissions classes that operate on any aspect of the incoming `request`, and you can specify multiple r`permission_classes` on a field: all provided permissions must be satisfied for the visitor to retrieve the given field.\n\nUse\n---\n\n### Installation\n\nInstall the module in your Python distribution or virtualenv:\n\n $ pip install django-rest-serializer-field-permissions\n\nAdd the application to your `INSTALLED_APPS`:\n\n```\n INSTALLED_APPS = (\n ...\n 'rest_framework_serializer_field_permissions',\n ...\n )\n```\n\n### Adding Permissions\n\nIn your serializers, mix `FieldPermissionSerializerMixin` into your serializer classes, as the left-most parent. The fields\nprovided by `rest_framework_serializer_field_permissions.fields` accept `permission_classes` which operate in typical\nDRF fashion:\n\n```\n from rest_framework import serializers\n \n from rest_framework_serializer_field_permissions import fields\n from rest_framework_serializer_field_permissions.serializers import FieldPermissionSerializerMixin\n from rest_framework_serializer_field_permissions.permissions import IsAuthenticated\n\n class UserSerializer(FieldPermissionSerializerMixin, serializers.HyperlinkedModelSerializer):\n class Meta:\n model = User\n fields = ('url', 'username', 'email', 'is_staff')\n\n email = fields.EmailField(permission_classes=(IsAuthenticated(), ))\n\n```\n\nThe `FieldPermissionSerializerMixin` may be mixed with any DRF serializer class, not just `ModelSerializer`.\n\nYou can write your own permission classes by sub-classing `BaseFieldPermission` in `permissions.py`.\n\nHow it Works\n------------\n\nThe `FieldPermissionSerializerMixin` provides its own `fields` property, which DRF serializers call to get a list\nof their own fields. The amended `fields` property checks for permission-bearing fields, forces them to check their\npermissions against the request, and scrubs from the return any fields which fail their permission checks.\n\nCompatibility\n-------------\n\n* Django Rest Framework 3.8\n* Django 1.11, 2.1 \n* Python 2.7, 3.7\n\nSee tox.ini for specific minor versions tested.\n\nAdditional Requirements\n-----------------------\n\nNone\n\nTodo\n----\n\n* Integration tests\n\nGetting Involved\n----------------\n\nFeel free to open pull requests or issues. [GitHub](https://github.com/InterSIS/django-rest-serializer-field-permissions) is the canonical location of this project.\n\nHere's the general sequence of events for contribution:\n\n1. Open an issue in the [issue tracker](https://github.com/InterSIS/django-rest-serializer-field-permissions/issues/).\n2. In any order:\n * Submit a pull request with a **failing** test that demonstrates the issue/feature.\n * Get acknowledgement/concurrence.\n3. Submit pull request that passes your test in (2). Include documentation, if appropriate.", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://intersis.github.io/django-rest-serializer-field-permissions/", "keywords": "", "license": "GNU General Public License v3 (GPLv3)", "maintainer": "", "maintainer_email": "", "name": "django-rest-serializer-field-permissions", "package_url": "https://pypi.org/project/django-rest-serializer-field-permissions/", "platform": "", "project_url": "https://pypi.org/project/django-rest-serializer-field-permissions/", "project_urls": { "Homepage": "http://intersis.github.io/django-rest-serializer-field-permissions/" }, "release_url": "https://pypi.org/project/django-rest-serializer-field-permissions/2.0.0/", "requires_dist": null, "requires_python": "", "summary": "Field-by-field serializer permissions for Django Rest Framework.", "version": "2.0.0" }, "last_serial": 4254866, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "920fbe9cea04eb6c2966dc540474c96c", "sha256": "9860de224c91c8dc84b5ae68641b3acdbff301136eb8378649ba20714f498d3b" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-0.1.tar.gz", "has_sig": false, "md5_digest": "920fbe9cea04eb6c2966dc540474c96c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3505, "upload_time": "2015-02-20T07:51:23", "url": "https://files.pythonhosted.org/packages/83/8f/9ef1ae0368245e4ddf1e0030e73bd5f78412e4640793f73814381cb1631f/django-rest-serializer-field-permissions-0.1.tar.gz" } ], "0.11": [ { "comment_text": "", "digests": { "md5": "47fef36c38346f8dd8af41c670e21cc2", "sha256": "57c688b21c8ec9145a6022cf81faa369e16197ebcece3ef79d60ebfcda51d68c" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-0.11.tar.gz", "has_sig": false, "md5_digest": "47fef36c38346f8dd8af41c670e21cc2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3528, "upload_time": "2015-02-20T07:54:48", "url": "https://files.pythonhosted.org/packages/0a/b6/94e299e3da1d3fc08864b999fb80fe64890b9ccfa1c8bc93e4d1bc0d6606/django-rest-serializer-field-permissions-0.11.tar.gz" } ], "0.12": [ { "comment_text": "", "digests": { "md5": "95638d6cfdae2ae2248dee446ef081d3", "sha256": "d945314c28e2cd1cf65526c0efb94af86c2b169e733d8042a57b399ee3434e5d" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-0.12.tar.gz", "has_sig": false, "md5_digest": "95638d6cfdae2ae2248dee446ef081d3", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17332, "upload_time": "2015-02-20T07:56:23", "url": "https://files.pythonhosted.org/packages/26/bd/5ae6950ede4f983f8b8463d411d0216af96c5bd62439327eb839c2fd9df6/django-rest-serializer-field-permissions-0.12.tar.gz" } ], "0.34": [ { "comment_text": "", "digests": { "md5": "be466b38fa3ab686d6c74924f8001752", "sha256": "d6b680ad1848216090190aa5284e0db52628bb179876e353e2522f1174261700" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-0.34.tar.gz", "has_sig": false, "md5_digest": "be466b38fa3ab686d6c74924f8001752", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17585, "upload_time": "2015-03-19T06:13:20", "url": "https://files.pythonhosted.org/packages/7c/4a/575fbb5a4096457f7a240bc39152365f217c714e495bf89c5f2e566500e9/django-rest-serializer-field-permissions-0.34.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "c0c293d10cd35c6fd8512cec107bf6fd", "sha256": "8291667ff639a3b5157c587e16bc9efa16a9ab7bc7ff3fc2dab4cdcffac719f3" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-1.0.0.tar.gz", "has_sig": false, "md5_digest": "c0c293d10cd35c6fd8512cec107bf6fd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17889, "upload_time": "2015-09-08T04:55:12", "url": "https://files.pythonhosted.org/packages/21/bb/a9caa35d6d3d930c53e144354f2d05cffe956b99c8d5a37b9273478dc396/django-rest-serializer-field-permissions-1.0.0.tar.gz" } ], "2.0.0": [ { "comment_text": "", "digests": { "md5": "02fd260588c0cd96f2fa7d06fc8904d1", "sha256": "04620deea8f0916fa155081558376d8e6ed1cbaf0ce764a64472c50610d7482d" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-2.0.0.tar.gz", "has_sig": false, "md5_digest": "02fd260588c0cd96f2fa7d06fc8904d1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20673, "upload_time": "2018-09-09T20:42:41", "url": "https://files.pythonhosted.org/packages/bd/09/7f370abfd4480857b5500989b6706f74c104bd8cecd0a8f67ad92d9220fd/django-rest-serializer-field-permissions-2.0.0.tar.gz" } ], "2.0.0rc1": [ { "comment_text": "", "digests": { "md5": "2e923ffaf7a4b9c5bc0491189ead893b", "sha256": "1955ac8d18431de68c662f5384f4749e32bd7c1c8584e08b916d94ce7845c835" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-2.0.0rc1.tar.gz", "has_sig": false, "md5_digest": "2e923ffaf7a4b9c5bc0491189ead893b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20681, "upload_time": "2018-09-09T20:26:13", "url": "https://files.pythonhosted.org/packages/77/05/4322bf614722b66c42d8b3eee474c8900f23361a22bb2d1286731217d655/django-rest-serializer-field-permissions-2.0.0rc1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "02fd260588c0cd96f2fa7d06fc8904d1", "sha256": "04620deea8f0916fa155081558376d8e6ed1cbaf0ce764a64472c50610d7482d" }, "downloads": -1, "filename": "django-rest-serializer-field-permissions-2.0.0.tar.gz", "has_sig": false, "md5_digest": "02fd260588c0cd96f2fa7d06fc8904d1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20673, "upload_time": "2018-09-09T20:42:41", "url": "https://files.pythonhosted.org/packages/bd/09/7f370abfd4480857b5500989b6706f74c104bd8cecd0a8f67ad92d9220fd/django-rest-serializer-field-permissions-2.0.0.tar.gz" } ] }