python 如何防止用户在Django Rest中更改某些字段？

omjgkv6w 于 2023-09-29 发布在 Python

关注(0)|答案(2)|浏览(103)

我的Django REST应用程序有一个实体，在创建/更新过程中，一些字段由后端设置，而不是由用户设置，但用户仍然可以提交请求来更新这些字段。

仅允许后台更改的字段：

by_backend_only = [
    "company",
    "schedule_format",
    "file_url",
    "is_valid",
    "err_msg",
    "total_flights"
}

序列化器：

class ScheduleSerializer(ModelSerializer):
    class Meta:
        model = RP_Schedule
        fields = [
            "id",
            "name", "season", "airport", "company",
            "schedule_type", "schedule_format",
            "file_url", "err_msg", "is_valid", "total_flights", 
            "date_range_start", "date_range_end",
        ]

如何防止用户更改这些字段，但将它们保留在序列化程序中以创建/更新实体？

python

来源：https://stackoverflow.com/questions/77198164/how-to-prevent-the-user-from-changing-some-fields-in-django-rest

2条答案

按热度按时间

lbsnaicq1#

您可以添加

class ScheduleSerializer(ModelSerializer):
    class Meta:
        model = RP_Schedule
        fields = [
            "id",
            "name", "season", "airport", "company",
            "schedule_type", "schedule_format",
            "file_url", "err_msg", "is_valid", "total_flights", 
            "date_range_start", "date_range_end",
        ]
        read_only_fields = ["date_range_start", "date_range_end",]