From 5f9431b27ad8541185bcd20e533d0e04306eb3aa Mon Sep 17 00:00:00 2001
From: Rob Atkinson <rob@metalinkage.com.au>
Date: Fri, 2 Nov 2018 09:04:06 +1100
Subject: [PATCH 1/2] Added docs to README on controlling visibility of nested
fields
---
README.md | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/README.md b/README.md
index 7a3ce01e..0f0d2fc7 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,8 @@ It aims at enabling people with little development skills to serve their own dat
* Django (known to work with django 1.11)
* Django Rest Framework
* pyld
+* django-guardian
+* djangorestframework-guardian
## Installation
@@ -35,6 +37,22 @@ class Todo(models.Model):
```
+Note that at this stage you can limit access to certain fields of models using
+
+```
+<Model>._meta.serializer_fields (<>list of field names to show>)
+```
+
+ For example, if you have a model with a related field with type **django.contrib.auth.models.User** you don't want to show personal details or password hashes.
+
+E.g.
+
+```
+from django.contrib.auth.models import User
+
+User._meta.serializer_fields = ('username','first_name','last_name')
+```
+
### 4- Add a url in your urls.py:
```
--
GitLab
From 722244a9736fe0e9204c6090a2a4f99fe8dde225 Mon Sep 17 00:00:00 2001
From: Rob Atkinson <rob@metalinkage.com.au>
Date: Fri, 2 Nov 2018 10:57:37 +1100
Subject: [PATCH 2/2] Add @id field to all serialisers by default
---
djangoldp/serializers.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/djangoldp/serializers.py b/djangoldp/serializers.py
index 8e471d5e..716a181d 100644
--- a/djangoldp/serializers.py
+++ b/djangoldp/serializers.py
@@ -99,7 +99,7 @@ class LDPSerializer(HyperlinkedModelSerializer):
model = relation_info.related_model
depth = nested_depth - 1
try:
- fields = model._meta.serializer_fields
+ fields = ( '@id',) + model._meta.serializer_fields
except:
fields = '__all__'
--
GitLab