From 5f9431b27ad8541185bcd20e533d0e04306eb3aa Mon Sep 17 00:00:00 2001
From: Rob Atkinson <rob@metalinkage.com.au>
Date: Fri, 2 Nov 2018 09:04:06 +1100
Subject: [PATCH] Added docs to README on controlling visibility of nested
 fields

---
 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/README.md b/README.md
index 7a3ce01e..0f0d2fc7 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,8 @@ It aims at enabling people with little development skills to serve their own dat
 * Django (known to work with django 1.11)
 * Django Rest Framework
 * pyld
+* django-guardian
+* djangorestframework-guardian
 
 ## Installation
 
@@ -35,6 +37,22 @@ class Todo(models.Model):
 
 ```
 
+Note that at this stage you can limit access to certain fields of models using
+
+```
+<Model>._meta.serializer_fields (<>list of field names to show>)
+```
+
+ For example, if you have a model with a related field with type **django.contrib.auth.models.User** you don't want to show personal details or password hashes.
+
+E.g.
+
+```
+from django.contrib.auth.models import User
+
+User._meta.serializer_fields  = ('username','first_name','last_name')
+```
+
 ### 4- Add a url in your urls.py:
 
 ```
-- 
GitLab