1👍
✔
As I see it, this is a slightly different problem. The only thing you should care about is making sure all write requests require authorization. No one should be allowed to put anything into your DB except those who have the proper permissions. Those who have them are considered trusted users, and you should not be concerned that they can post something bad to your DB.
DRF includes token authentication, session authentication and other auth methods that you can use in connection with Permissions. You must make all POST, PUT and DELETE requests protected by the permissions system, otherwise your API is extremely vulnerable.
And if I recall correctly, the primary key on a ModelSerializer is read-only by default.
👤abcdn
0👍
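from rest_framework.serializers import ModelSerializer


class ProductSerializer(ModelSerializer):
    class Meta:
        model = Product
        fields = ('id', ...)
        # Clients cannot set or change the primary key through the API
        read_only_fields = ('id',)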
👤Ykh
Source:stackexchange.com