From 5f9431b27ad8541185bcd20e533d0e04306eb3aa Mon Sep 17 00:00:00 2001 From: Rob Atkinson <rob@metalinkage.com.au> Date: Fri, 2 Nov 2018 09:04:06 +1100 Subject: [PATCH] Added docs to README on controlling visibility of nested fields --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 7a3ce01e..0f0d2fc7 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,8 @@ It aims at enabling people with little development skills to serve their own dat * Django (known to work with django 1.11) * Django Rest Framework * pyld +* django-guardian +* djangorestframework-guardian ## Installation @@ -35,6 +37,22 @@ class Todo(models.Model): ``` +Note that at this stage you can limit access to certain fields of models using + +``` +<Model>._meta.serializer_fields (<>list of field names to show>) +``` + + For example, if you have a model with a related field with type **django.contrib.auth.models.User** you don't want to show personal details or password hashes. + +E.g. + +``` +from django.contrib.auth.models import User + +User._meta.serializer_fields = ('username','first_name','last_name') +``` + ### 4- Add a url in your urls.py: ``` -- GitLab